To view the list of certificates stored in the Certificate Store,
click on the Certificates item in the tree view on the
left-hand side of the Policy Studio. The certificates are listed in a
table in the main panel of the Policy Studio.
To create a certificate and private key, click the
Create button on the Certificates
screen of the Policy Studio. The
Configure Certificate and Private Key dialog is
displayed.
X.509 Certificate Tab:
The following configuration options are available on this tab:
- Subject: Click the Edit button to configure the distinguished name of
  the subject.
- Public Key: Click the Import button to import the subject's public key
  (usually from a PEM- or DER-encoded file).
- Version: This read-only field displays the X.509 version of the
  certificate.
- Issuer: This read-only field displays the distinguished name of the CA
  that issued the certificate.
- Validity Period: The dates specified here define the validity period
  (not-before and not-after dates) of the certificate.
- Alias Name: This mandatory field specifies a friendly name (alias) for
  the certificate.
- Use Distinguished Name: Check this option to display the certificate's
  distinguished name (DName) in the text box instead of its alias.
- Import Certificate: Click this button to import a certificate from a
  file.
- Export Certificate: Click this button to export the certificate to a
  file.
- Sign Certificate: Click this button to sign the certificate. The
  certificate can either be self-signed (signed with its own private key),
  or it can be signed by the private key of a trusted CA whose key pair is
  stored in the Certificate Store.
Private Key Tab:
Use the Private Key tab to configure details of the private key. By
default, private keys are stored locally in the Certificate Store. They
can also be stored on an HSM (Hardware Security Module), if required.
Private Key Stored Locally:
Select the Private key stored locally radio button. The following
configuration options are available for keys that are stored locally in
the Certificate Store:
- Private Key: This read-only field displays details of the private key.
- Import Private Key: Click this button to import the subject's private
  key (usually from a PEM- or DER-encoded file).
- Export Private Key: Click this button to export the subject's private
  key to a PEM- or DER-encoded file. Treat the exported file as a secret:
  anyone who obtains it can sign or decrypt as the certificate's subject.
Private key stored on HSM:
If the private key that corresponds to the public key in the certificate
resides on an HSM, select the Private key stored on HSM radio button.
Configure the following fields to associate a key stored on the HSM with
the current certificate:
Global Options:
The following global configuration options apply to both the
X.509 Certificate and Private Key tabs:
- Import Certificate + Key: Use this option to import a certificate and
  its private key from a file.
- Export Certificate + Key: Use this option to export a certificate and
  its private key to a file.
Click the OK button when you have finished configuring
the certificate and/or private key.
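The following Go program is an added example, not part of this documentation or of Policy Studio: it performs, with the standard library, the operations the dialog above exposes through buttons. It generates a key pair, builds the X.509 fields from the X.509 Certificate tab (subject, validity period), signs one certificate as self-signed and a second with the private key of the CA held in the store (the two cases of the Sign Certificate button), exports the private keys as PKCS#8 PEM, imports certificates from PEM or raw DER, and finally checks that the CA-signed certificate chains to the stored CA and to nothing else. The Entry type, the alias names, the subject names and the validity periods are constructed for the example and do not reflect Policy Studio's internal data model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)
// Entry stands in for one row of the Certificate Store (constructed for this example).
type Entry struct {
	Alias   string
	CertPEM []byte
	KeyPEM  []byte // nil when only the certificate is held
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newTemplate carries what the X.509 Certificate tab asks for: Subject, Validity Period, CA or not.
func newTemplate(cn string, isCA bool, days int) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Example Corp"}},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Duration(days) * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return t
}

// signCertificate is the Sign Certificate button: a nil issuer means self-signed, otherwise the issuer's key signs.
func signCertificate(tmpl *x509.Certificate, key *ecdsa.PrivateKey, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) []byte {
	if issuer == nil {
		issuer, issuerKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey))
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// exportKey is Export Private Key: unencrypted PKCS#8 in PEM, so the result must be handled as a secret.
func exportKey(key *ecdsa.PrivateKey) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: must(x509.MarshalPKCS8PrivateKey(key))})
}

// importCertificate is Import Certificate: accepts a PEM CERTIFICATE block or raw DER.
func importCertificate(data []byte) (*x509.Certificate, error) {
	if block, _ := pem.Decode(data); block != nil {
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("expected CERTIFICATE block, got %q", block.Type)
		}
		data = block.Bytes
	}
	return x509.ParseCertificate(data)
}

// verifyAgainstStore checks that a certificate chains to a CA held in the store and to nothing else.
func verifyAgainstStore(certPEM []byte, trusted []Entry) error {
	leaf, err := importCertificate(certPEM)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool() // empty pool: the operating system's root store is deliberately not consulted
	for _, e := range trusted {
		roots.AddCert(must(importCertificate(e.CertPEM)))
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// buildStore creates a self-signed CA and a server certificate signed by it, each with its private key.
func buildStore() []Entry {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caPEM := signCertificate(newTemplate("Example Root CA", true, 3650), caKey, nil, nil)
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvPEM := signCertificate(newTemplate("gateway.example.com", false, 398), srvKey, must(importCertificate(caPEM)), caKey)
	return []Entry{
		{Alias: "example-root-ca", CertPEM: caPEM, KeyPEM: exportKey(caKey)},
		{Alias: "gateway-server", CertPEM: srvPEM, KeyPEM: exportKey(srvKey)},
	}
}

func main() {
	s := buildStore()
	fmt.Println("server certificate chains to the stored CA:", verifyAgainstStore(s[1].CertPEM, s[:1]) == nil)
}
```

Two design points are worth noting. verifyAgainstStore builds its own empty root pool rather than passing nil roots, because nil would silently fall back to the operating system's trust store and a certificate could appear trusted even though no CA in the Certificate Store vouches for it. importCertificate rejects a PEM block of any type other than CERTIFICATE instead of trying to parse its bytes, which is how a private key file handed to the Import Certificate button should fail.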
Managing certificates
On the main Certificates screen, you can edit an existing
certificate using the Edit button. You can also view the
details of an existing certificate using the View button.
Similarly, you can remove a certificate from the Certificate Store using the
Remove button.
You can also export a certificate to a Java keystore. You can do this by
selecting the certificate in the table, and then clicking the Export
to Keystore button. Choose the name and location of the new
keystore file, and enter a passphrase for this keystore when prompted.
Similarly, you can import certificates and keys from a Java
keystore into the Certificate Store. To do this, click the
Keystore button on the main Certificates screen.
On the Keystore screen, browse to the location of the
keystore by clicking the button beside the Keystore
field.
The certificates/keys in the keystore are listed in the table. To
import any of these keys to the Certificate Store, simply check the
box next to the certificate or key that you want to import, and then click
the Import to Trusted Certificate Store button. If the
key is protected by a password, you are prompted for this password.
You can also use the Keystore screen to view and remove
existing entries in the keystore, to add keys to the keystore, and to
create a new keystore. Use the appropriate button to perform any of
these tasks.