Importing an end-entity certificate

An end-entity certificate is a digitally-signed statement issued by a Certificate Authority to a person or system. It binds a public key to some identifying information and is used for encryption, authentication, digital signatures and other purposes. The term “end-entity” is used to distinguish it from a Certificate Authority certificate. The signer of the statement is the issuer and the entity discussed in the certificate is the subject.

About this task

To import an end-entity certificate and private key, you must import a file in PKCS #12 format using the Java keytool -importkeystore command. PKCS #12, the successor to PFX from Microsoft, defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key. PKCS #12 format files typically have a file extension of .pfx or .p12.

The following steps provide an example of how to import an end-entity certificate:

Procedure

  1. Navigate to the Studio security directory, for example C:\Program Files\IBM\App Connect Studio\security.
  2. Copy the PKCS #12 format file into the Studio security directory, for example C:\Program Files\IBM\App Connect Studio\security\certificate.p12.
  3. Import the certificate and private key into the Studio keystore using the keytool -importkeystore command. For example: keytool -importkeystore -deststorepass "keystore admin" -destkeystore certs -srckeystore certificate.p12 -srcstoretype PKCS12 -srcstorepass <certificatePswd> -srcalias <certificateAlias>.

Results

At the conclusion of these steps, the certificate is imported into your Studio security directory. For more information about the keytool -importkeystore command, see: http://www.ibm.com/developerworks/java/jdk/security/60/secguides/keytoolDocs/keytool.html#importKeyStore.
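
The following PowerShell script is an added example, not part of the original IBM procedure: it lists the entries in certificate.p12 so you can find the value for -srcalias, then confirms after step 3 that the Studio keystore holds the entry as a PrivateKeyEntry. The function name Get-KeystoreEntry is hypothetical, and the script assumes keytool.exe is on PATH and prints English labels.

```powershell
# Added example, not IBM's script. Assumes keytool.exe is on PATH and an
# English-locale JDK (it matches the "Alias name:" / "Entry type:" labels).
$securityDir = 'C:\Program Files\IBM\App Connect Studio\security'

function Get-KeystoreEntry {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$StoreType   # for example PKCS12; omit for the keytool default
    )
    # keytool takes the password as text; prompting keeps it out of shell history.
    $plain  = [System.Net.NetworkCredential]::new('', $Password).Password
    $ktArgs = @('-list', '-v', '-keystore', $Path, '-storepass', $plain)
    if ($StoreType) { $ktArgs += @('-storetype', $StoreType) }

    $out = & keytool @ktArgs
    if ($LASTEXITCODE -ne 0) { throw "keytool -list failed for $Path" }

    $entries = New-Object System.Collections.Generic.List[object]
    foreach ($line in $out) {
        if ($line -match '^Alias name:\s*(.+)$') {
            $entries.Add([pscustomobject]@{ Alias = $Matches[1].Trim(); EntryType = $null })
        } elseif ($entries.Count -gt 0 -and $line -match '^Entry type:\s*(\S+)') {
            $entries[$entries.Count - 1].EntryType = $Matches[1]
        }
    }
    return $entries
}

# Before step 3: list the PKCS #12 entries to find the value for -srcalias.
$srcPass = Read-Host 'Password for certificate.p12' -AsSecureString
$src = @(Get-KeystoreEntry -Path (Join-Path $securityDir 'certificate.p12') `
                           -Password $srcPass -StoreType PKCS12)
$src | ForEach-Object { Write-Host "source: $($_.Alias) [$($_.EntryType)]" }

# After step 3: each imported key entry must appear in the Studio keystore as a
# PrivateKeyEntry. A trustedCertEntry holds only the certificate, without its key.
# With -srcalias only that one alias is copied, so other aliases report "not found".
Read-Host 'Run the keytool -importkeystore command from step 3, then press Enter' | Out-Null
$destPass = Read-Host 'Password for the Studio keystore (certs)' -AsSecureString
$dest = @(Get-KeystoreEntry -Path (Join-Path $securityDir 'certs') -Password $destPass)

foreach ($entry in $src | Where-Object EntryType -eq 'PrivateKeyEntry') {
    # -eq compares case-insensitively; a JKS keystore stores aliases in lower case.
    $hit = $dest | Where-Object Alias -eq $entry.Alias | Select-Object -First 1
    if (-not $hit) { Write-Warning "$($entry.Alias): not found in certs" }
    elseif ($hit.EntryType -ne 'PrivateKeyEntry') {
        Write-Warning "$($entry.Alias): imported as $($hit.EntryType), private key missing"
    } else { Write-Host "$($entry.Alias): certificate and private key present" }
}
```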