CA SiteMinder® Federation Standalone Guide › Key and Certificate Management › Obtain a Key/Certificate Pair for Federated Transactions › Import a Key/Certificate Pair from an Existing File

Import a Key/Certificate Pair from an Existing File

If you do not have a key/certificate pair in the certificate data store, import one from an existing .p12 or .pfx file.

CA SiteMinder® Federation Standalone treats a certificate that you import as a trusted certificate. The exceptions are self-signed certificates:

• If the system identifies a V3 self-signed certificate as a CA certificate, the certificate is treated as a CA certificate. This behavior occurs even though you initiate the import from the Certificate/Private Key dialog.
• CA SiteMinder® Federation Standalone treats the certificate as a trusted certificate:
  • If CA SiteMinder® Federation Standalone does not identify a V3 self–signed certificate as a CA.
  • If the certificate is a V1 self–signed certificate.

Follow these steps:

1. Log in to the Administrative UI.
2. From the Certs & Keys tab, select Certificates and Private Keys.

   The View Certificates and Private Keys dialog opens.

3. Click Import New and follow the wizard.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

   Be aware of the following items as you complete the wizard:

   • You can import a single file with a key and certificate in it or separate key and certificate files. Select the appropriate option button for the file you are using.
   • To import a self-signed certificate as a Certificate Authority certificate, set the Use as CA option button to Yes. The certificate is imported as a CA certificate and is not available for when configuring partnerships (for example, for signing or encryption).

     Otherwise, accept the default No setting to import the certificate as a trusted certificate that is available when configuring partnerships.

   • For a trusted certificate file in DER (binary) format, the file can contain one or more certificate entries. For a trusted certificate file in PEM (base 64) format, CA SiteMinder® Federation Standalone expects one certificate per file.

     The standard extension for a file in DER or PEM format is *.crt or *.cer.

   • If you are using a .p12 file, you are required to fill in a password. CA SiteMinder® Federation Standalone processes a .p12 or .pfx file as a file containing key/certificate pairs.
   • For each entry you plan to add to the certificate data store, enter the alias you want to associate with that entry. If you select multiple entries, each requires a unique alias.
4. At the Confirm step, review the information and click Finish.

The key/certificate pair is imported into the certificate data store.