Import RSA Keon certificate

Use this procedure if you selected acquire an RSA Keon certificate in step 3 of Set up certificates for a community.

Use the following steps to import an RSA Keon certificate into Activator and associate it with a community. Before you can use this procedure, you must consult with your organization’s RSA Keon certificate authority administrator about the information required to connect with the Certificate Management Protocol (CMP) server and import a certificate for your community.

The CMP server must be running for Activator to acquire a certificate. Further, the RSA Keon Certificate Authority system must be configured for automatic vetting of CMP requests. For details see the certificate enrollment protocols chapter in the RSA Keon Certificate Authority user documentation.

In this process Activator generates the private-public key pair. The RSA Keon Certificate Authority system creates the certificate and certifies your organization as the owner of the public key.

  1. On the first certificate wizard page, select Retrieve a certificate from a certificate authority and click Next to display the certificate authority selection page.
  1. Select RSA Keon (CMP) and click Next to display the RSA Keon host and port page.
  1. Complete the host and port fields for importing the certificate. Consult with your organization’s RSA Keon administrator to obtain the information.
  2. Click Next to display the key ID and shared secret page.
  3. Using the information provided to you, complete the fields for importing the certificate. Type this information in the key ID and shared secret fields.
  4. Click Next to display the certificate review request page.
  5. Review the information on the page. Click Back to change any information or click Next to import the certificate.
  6. If the option Send certificate exchange messages to partners is displayed, see Replace certificates automatically for information about CEM and SCX certificate exchanges.
  7. This option is displayed only if:
    • There is an A2 trading pickup correctly defined on the community.
    • The community is completely and correctly defined.
    • The community's default pickup allows certificate exchanges.
    • The partner with whom the community is trading has an A2 default delivery that allows certificate exchanges.
  8. Click Finish. The certificates page reappears, displaying the new certificate.
  9. If you are setting up a community for the first time, you must distribute your certificate information by sending it to partners by e‑mail or some secure means. This can be done by exporting your certificate as part of your community. See Back up a community as a partner.
  10. If you need to distribute your certificate to your trading partners who use other interoperable software, see Export a certificate to a file.
  11. Before you attempt to exchange encrypted and signed documents, you should contact each partner with whom you exchanged certificates and confirm that the fingerprints in both your certificates are identical.

Related Links