Obtaining a copy of the private CA certificate

When you access a server that uses a Secure Sockets Layer (SSL) connection, the server presents a certificate to your client software as proof of its identity. Your client software must then validate the server's certificate before the server can establish the session.

To validate the server certificate, your client software must have access to a locally stored copy of the certificate for the Certificate Authority (CA) that issued the server certificate. If the server presents a certificate from a public Internet CA, your browser or other client software might already have a copy of the CA certificate. If, however, the server presents a certificate from a private local CA, you must use Digital Certificate Manager (DCM) to obtain a copy of the local CA certificate.

You can use DCM to download the local CA certificate directly into your browser, or you can copy the local CA certificate into a file so that other client software can access and use it. If you use both your browser and other applications for secure communications, you may need to use both methods to install the local CA certificate. If using both methods, install the certificate in your browser before you copy and paste it into a file.

If the server application requires that you authenticate yourself by presenting a certificate from the local CA, you must download the local CA certificate into your browser before requesting a user certificate from the local CA.

To use DCM to obtain a copy of a local CA certificate, complete these steps:

  1. Start DCM. Refer to Starting DCM.
  2. In the navigation frame, select Install local CA Certificate on Your PC to display a page that allows you to download the local CA certificate into your browser or to store it in a file on your system.
  3. Select a method for obtaining the local CA certificate. For each local CA on the system there are two links.
    1. Select Install certificate to download that local CA certificate as a trusted root in your browser. This ensures that your browser can establish secure communications sessions with servers that use a certificate from this CA. Your browser will display a series of windows to help you complete the installation.
    2. Select Copy and paste certificate to display a page that contains a specially coded copy of that local CA certificate. Copy the text object shown on the page into your clipboard. You must later paste this information into a file. This file is used by a PC utility program (such as MKKF or IKEYMAN) to store certificates for use by client programs on the PC. Before your client applications can recognize and use the local CA certificate for authentication, you must configure the applications to recognize the certificate as a trusted root. Follow the instructions that these applications provide for using the file.
  4. Click OK to return to the Digital Certificate Manager home page.