Import key pair in certificate file

Use this procedure if you selected to import a certificate and private key from a file in step 3 of Set up certificates for a community.

The following are the steps for importing a third-party CA certificate into Activator and associating it with a community. Such a certificate file contains both the public and private keys. Before you can use this procedure, you must perform the following tasks:

  • Obtain a certificate from a certificate authority such as VeriSign.
  • Export the certificate from a browser or mail client to a file. Assign a password when exporting the file; you need this same password upon importing the file.
  • Export both the public and private keys with the certificate. A certificate file with both keys is a P12 or PFX file.
  • If you export the certificate from Microsoft Outlook or Internet Explorer, select the option “include all certificates in the certification path if possible.” You want the exported file to include the entire chain of trust.

If Activator cannot import a P12 certificate file, import the file in Internet Explorer, making sure to mark the private key as exportable when you do so. When you have imported the certificate, view the certification path to verify that the entire path is present. Export the certificate with the private key and include all certificates in the certification path. Then try again to import the P12 file in Activator.

  1. On the first certificate wizard page, select Import a certificate and private key from a file and click Next to display the locate the certificate file page.
  1. To locate the PKCS#12 file containing your certificate, click Browse to display the Browse dialog box.
  2. Locate and select the certificate file. The file must have an extension of .pfx or .p12. Click Open and the certificate file location certificate page reappears.
  3. Type the same password you used when you exported the certificate file from a browser or mail client.
  4. Click Next to display the certificate details page.
  1. If you want, type a name for the certificate in the Name field. This name can help you tell one certificate from another. By default the system uses the CA name as the certificate name.
  2. Certificate default options:
    • To make the certificate your default signing certificate, click Make this the default signing certificate. This option is selected by default.
    • To make the certificate your default encryption certificate, click Make this the default encryption certificate. This option is selected by default. See SSL authentication.
  3. If the option Send certificate exchange messages to partners is displayed, see Replace certificates automatically for information about CEM and SCX certificate exchanges.
  4. This option is displayed only if:
    • There is an A2 trading pickup correctly defined on the community.
    • The community is completely and correctly defined.
    • The community's default pickup allows certificate exchanges.
    • The partner with whom the community is trading has A2 default delivery that allows certificate exchanges.
  5. Review the certificate information on the page. Click Finish to import the certificate.
  6. After the certificate is imported, the certificates page reappears, displaying the new certificate.
  7. If you are setting up a community for the first time, you must distribute your certificate information by sending it to partners by e‑mail or some secure means. This can be done by exporting your certificate as part of your community. See Back up a community as a partner.
  8. If you need to distribute your certificate to your trading partners who use other interoperable software, see Export a certificate to a file.
  9. Before you attempt to exchange encrypted and signed documents, you should contact each partner with whom you exchanged certificates and confirm that the fingerprints in both your certificates are identical.

Related Links