Exchanging certificates

In some configurations, certificates must also be made available to SSL partners, for example the DCAS server. If your server uses a certificate from an unknown CA, the unknown CA's signer (root) certificate must be made available to SSL partners. If your server uses a self-signed certificate, a copy of the self-signed certificate must be made available to SSL partners.

To create a certificate file to exchange:
  1. Open the key database file. See Creating a key database file.
  2. Extract the certificate.
    • If your server uses a certificate issued by an unknown CA:
      1. Under Key database content, select Signer Certificates from the drop-down list.
      2. Highlight the signer (root) certificate of the CA that issued the certificate for your server.
      3. Click Extract.
    • If your server uses a self-signed certificate:
      1. Under Key database content, select Personal Certificates from the drop-down list.
      2. Highlight the certificate used by your server.
      3. Click Extract Certificate.
  3. On the Extract Certificate to a File window, choose either Base64-encoded ASCII data or Binary DER data. Base64-encoded ASCII data is usually used if the certificate will be securely transferred through e-mail. The certificate file name and location can be any you choose.
  4. Click OK to extract the certificate file.
  5. Securely transfer the certificate file to the SSL partner, for example the DCAS server, and add the certificate to the its key database file.