Adding the root and intermediate certificates
Before receiving a signed TLS certificate, you must add the root certificate and any intermediate certificates to your keystore. These certificates are provided to you by your certificate authority (CA) or security team as part of the certificate signing request (CSR) process.
When adding certificates to a keystore, the root certificate should be added first, then any intermediate certificates in order.
Root and intermediate certificates provided in separate files
If the CA provides the root and any intermediate certificates in separate files, run the
following commands:
Note: Not all certificate authorities provide intermediate
certificates.
gsk8capicmd_64 -cert -add -db server.p12 -stashed -file RootCA.cer -label MyRootCA
gsk8capicmd_64 -cert -add -db server.p12 -stashed -file IntermediateCA.cer -label MyIntermediateCA
Root and Intermediate certificates in a single file
If the certificate authority provides the root and any intermediate certificates in a single
Base64 encoded file, run the following command to import the
file.
gsk8capicmd_64 -cert -add -db server.p12 -stashed -file <certificates.pem>If the certificate authority provides the root and any intermediate certificates in a single
Base64 encoded file, use the following command to import the file.
gsk8capicmd_64 -cert -import -target server.p12 -target_stashed -db <certificates.p12> -pw <password> Note: Do
not use the -label option of gsk8capcimd_64 when adding a file
containing multiple certificates. To rename a certificate, use the -cert -list
option to determine the certificate label and the -cert -rename option to assign a
new label:
gsk8capicmd_64 -cert -list -db server.p12 -stashed
gsk8capicmd_64 -cert -rename -db server.p12 -stashed -label <existing label> -new_label <new label>