Auto import intermediate and root certificates

This topic is helpful when you want to automatically import intermediate and root certificates not already available in Activator. This is an uncommon case most users do not encounter.

To successfully trade using CA-issued certificates, Activator must be able to establish the chain of trust running through end-entity, intermediate and root certificates. This is why Activator is pre-loaded with many intermediate and root certificates issued by various CAs. These certificates are available for trusting upon importing end-entity certificates containing public-private encryption key pairs or only public keys.

The pre-loaded intermediate and root certificates are located in <install directory>\conf\ certs. The following figure shows part of the certs directory hierarchy on a Windows file system. Certificates are organized by CA. Each CA folder has a Root subdirectory and, if needed, an Intermediate subdirectory. These certificates are added to the database upon starting the server the first time. If certificates are added, these are added to the database when the server is re-started. See the following <install directory>\conf\certs:

<install directory>\conf\certs path

To add certificates, copy the files to the directory for the appropriate CA. If a CA is not already represented, add a directory for it.

Typically, root certificates have extensions of .cer, .crt or .der. Add root certificates to the Root directory for the appropriate CA. Intermediate certificates should have extensions of .p7b or .p7c. An intermediate certificate should contain both the intermediate certificate and the root certificate.

Activator ignores any files in the certs directory with extensions other than .cer, .crt, .der, .p7b and .p7c. So you can add readme files if you want to document added certificate files.

Errors or warnings that occur when certificates are imported are written to the server.log file.

Related topics

Related Links