Import a Key/Certificate Pair from an Existing File

If you do not have a key/certificate pair in the key database, you can import one from an existing .p12 or .pfx file.

In most cases, a certificate that you import from the Import Certificate/Private Key dialog is treated as a trusted certificate. Self-signed certificates are the exception. If Federation Manager identifies a V3 self-signed certificate as a CA certificate, it is treated as a CA certificate even though the import is initiated from the Certificate/Private Key dialog. A V3 self-signed certificate that is not identified as a CA, or any V1 self-signed certificate, is treated as a trusted certificate.

To import a key/certificate pair from an existing file

  1. From the Certs & Keys tab, select Certificates and Private Keys.

    The View Certificates and Private Keys dialog opens.

  2. Click Import New.

    The Import Certificate/Private Key dialog displays.

    Note: You can click Help for a description of fields, controls, and their respective requirements.

  3. Browse to the file you want to import.

    For a trusted certificate file in DER (binary) format, the file may contain one or more certificate entries. For a trusted certificate file in PEM (base 64) format, Federation Manager expects one certificate per file.

  4. Click Next.

    The Select Entries step is displayed with the Available Entries table.

  5. Enter the alias you want associated with each certificate entry that you plan to add to the key database. If you select multiple entries, each must have a unique alias.

  6. Select the checkbox for the entry in the file you want to use.

  7. Click Next to move to the Confirm step.

    The Entries to Import group box is displayed, showing the certificate information.

  8. Review the information and click Finish.

The certificate is imported into the key database.

Note: To synchronize the policy engine with the key database immediately after you add or update a certificate, restart the Federation Manager services. Otherwise, the changes to the key database are not available until the policy engine and key database next synchronize, which depends on the configured frequency. You can change that frequency by adjusting the DBUpdateFrequencyMinutes parameter in the smkeydatabase.properties file.
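
The following Python check is an added example, not part of the product documentation or Federation Manager's own code. It applies the per-format rule from step 3 to a trusted certificate file before import: a PEM file must hold exactly one certificate, while a DER file may hold one or more entries. It assumes a multi-entry DER file is a series of back-to-back DER structures; the function names and sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_entries(data: bytes) -> int:
    """Count back-to-back top-level DER SEQUENCEs (assumed multi-entry layout)."""
    pos = count = 0
    while pos < len(data):
        if data[pos] != 0x30 or pos + 2 > len(data):
            raise ValueError(f"offset {pos}: not a DER SEQUENCE")
        length, pos = data[pos + 1], pos + 2
        if length & 0x80:              # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            if n == 0 or n > 4 or pos + n > len(data):
                raise ValueError("unsupported or truncated DER length")
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError("truncated DER entry")
        pos += length
        count += 1
    return count

def precheck(data: bytes):
    """Return (format, entry_count, ok) for a trusted certificate file."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        for body in blocks:            # each PEM body must decode to one DER object
            if der_entries(base64.b64decode(body)) != 1:
                raise ValueError("PEM block does not hold a single DER object")
        return "PEM", len(blocks), len(blocks) == 1   # one certificate per PEM file
    n = der_entries(data)
    return "DER", n, n >= 1            # one or more entries per DER file

# Constructed stand-in entries: valid DER framing only, not real certificates.
ENTRY_A = bytes.fromhex("3003020101")                      # short-form length
ENTRY_B = bytes.fromhex("308181") + b"\x04\x7f" + b"\x00" * 127  # long-form length

def pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM certificate armor."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("single.pem", pem(ENTRY_A)),
                       ("bundle.pem", pem(ENTRY_A) + pem(ENTRY_B)),
                       ("bundle.der", ENTRY_A + ENTRY_B)]:
        print(name, precheck(blob))
```

A PEM bundle reported with `ok` set to `False` needs to be split into one file per certificate before it is imported.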