Receiving a CA-signed certificate

Use this procedure to receive an electronically mailed certificate from a certificate authority (CA), designated as a trusted CA on your server. By default, the following CA certificates are stored in the HODServerKeyDb.kdb key database and marked as trusted CA certificates:

  • IBM World Registry CA
  • Integrion CA Root (from IBM World Registry)
  • VeriSign Class 1 Public Primary CA
  • VeriSign Class 2 Public Primary CA
  • VeriSign Class 3 Public Primary CA
  • VeriSign Class 4 Public Primary CA
  • VeriSign Test CA
  • RSA Secure Server CA (from VeriSign)
  • Thawte Personal Basic CA
  • Thawte Personal Freemail CA
  • Thawte Personal Premium CA
  • Thawte Premium Server CA
  • Thawte Server CA

The Certificate Authority may send more than one certificate. In addition to the certificate for your server, the CA may also send additional Signing certificates or Intermediate CA Certificates. For example, Verisign includes an Intermediate CA Certificate when sending a Global Server ID certificate. Before receiving the server certificate, receive any additional Intermediate CA certificates. Follow the instructions in Storing a CA certificate to receive Intermediate CA Certificates.


top Graphic Image
 If the CA who issues your CA-signed certificate is not a trusted CA in the key database, you need to first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted CA. For instructions, see Storing a CA certificate
For Windows platforms, for example, to receive the CA-signed certificate into a key database, enter the following command: 
java com.ibm.gsk.ikeyman.ikeycmd -cert -receive -file <filename>
-db your_install_directory\bin\HODServerKeyDb.kdb -pw <password>
-format <ascii | binary> -default_cert <yes | no>
where your_install_directory is your Host On-Demand installation directory.

Note the following descriptions:

  • -format: Certificate Authority might provide CA Certificate in either ASCII or binary format
  • -label: Label attached to CA certificate.
  • -trust: Indicates whether this CA can be trusted. Use enable options when receiving a CA certificate.
  • -file: File containing the CA certificate.