Installing Other Server Certificates

When you receive your certificate from the CA, it is encrypted with your public key so that only you can decrypt it. Only by entering the correct password for your trust database can you decrypt and install your certificate.

There are three types of certificates:

• Your own server’s certificate to present to clients

• A CA’s own certificate for use in a certificate chain

• A trusted CA’s certificate

A certificate chain is a hierarchical series of certificates signed by successive Certificate Authorities. A CA certificate identifies a Certificate Authority and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA, and so on, up to a root CA.

If your CA does not automatically send you its certificate, request it. Many CAs include their certificate in the e-mail with your certificate, and both certificates are installed by your server at the same time.

When you receive a certificate from the CA, it is encrypted with your public key so that only you can decrypt it. The Proxy Server uses the key-pair file password you specify to decrypt the certificate when it is installed. You can either save the e-mail somewhere accessible to the server, or copy the text of the e-mail and be ready to paste the text into the Install Certificate form, as described in the following procedure.

To install other server certificates

Steps

1. Access either the Administration Server or the Server Manager and click the Security tab.

2. Click the Install Certificate link.

3. Next to Certificate For, select the type of certificate to install:

   • This Server

     • Server Certificate Chain

     • Certification Authority

       For more information about specific settings, see the online Help.

4. Select the cryptographic module from the drop-down list.

5. Enter the key-pair file password.

6. Enter a certificate name only if you selected Server Certificate Chain or Certification Authority in Step 3.

7. Provide certificate information by doing one of the following:

   • Select Message Is In This File and then enter the full path name to the file that contains the CA certificate.

     • Select Message Text (with headers) and then copy and paste the contents of the CA certificate. Be sure to include the Begin Certificate and End Certificate headers, including the beginning and ending hyphens.

8. Click OK.

9. Select either:

   • Add Certificate if you are installing a new certificate.

     • Replace Certificate if you are installing a certificate renewal.

       The certificate is stored in the server’s certificate database. For example:

       server_root/alias/proxy-serverid-cert8.db