Installing Other Server Certificates

Your certificate from the CA is encrypted with your public key so that only you can decrypt it. Only by entering the correct password for your trust database can you decrypt and install your certificate.

The three types of certificates are:

• Your own server’s certificate to present to clients

• A CA’s own certificate for use in a certificate chain

• A trusted CA’s certificate

A certificate chain is a hierarchical series of certificates signed by successive Certificate Authorities. A CA certificate identifies a Certificate Authority and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA, and so on, up to a root CA.

If your CA does not automatically send you its certificate, request it. Many CAs include their certificate in the email with your certificate, and both certificates are installed by your server at the same time.

Your certificate from the CA is encrypted with your public key so that only you can decrypt it. The Proxy Server uses the key-pair file password you specify to decrypt the certificate when it is installed. You can either save the email somewhere accessible to the server, or copy the text of the email and be ready to paste the text into the Install Certificate form, as described in the following procedure.

To Install Other Server Certificates

1. Access either the Administration Server or the Server Manager and click the Security tab.

2. Click the Install Certificate link.

3. Next to Certificate For, select the type of certificate to install:

   • This Server

     • Server Certificate Chain

     • Certification Authority

       For more information about specific settings, see the online Help.

4. Select the cryptographic module from the drop-down list.

5. Type the key-pair file password.

6. Type a certificate name only if you selected Server Certificate Chain or Certification Authority in Step 3.

7. Provide certificate information by doing one of the following:

   • Select Message Is In This File and then type the full path name to the file that contains the CA certificate.

     • Select Message Text (with headers) and then copy and paste the content of the CA certificate. Be sure to include the Begin Certificate and End Certificate headers, including the beginning and ending hyphens.

8. Click OK.

9. Indicate whether you are adding a new certificate or renewing an existing certificate.

   • Add Certificate if you are installing a new certificate.

     • Replace Certificate if you are installing a certificate renewal.

       The certificate is stored in the server’s certificate database. For example:

       server-root/alias/proxy-serverid-cert8.db