Import a Certificate
You can import certificates from a PKCS#12 keystore into the internal trust store of the . Certificates can be imported as trust anchors and you can optionally import the entire certificate chain.
You can import certificates from a PKCS#12 keystore into the internal trust store of the
API Gateway. Certificates can be imported as trust anchors and you can optionally import the entire certificate chain.
To import certificates:
- In the Policy Manager, select[Tasks] > Certificates, Keys, and Secrets > Manage Certificatesfrom the Main Menu. The Manage Certificates dialog appears.
- Click [Import].
- Navigate to the PKCS#12 keystore file (.p12 or *.pfx) and then click [Load].
- Enter the keystore password when prompted and then click [OK]. The Import Certificates dialog appears, displaying all the certificates in the keystore.
- Review the certificates to be imported. Remove the ones that you do not wish to import.
- To examine a certificate's details before importing, click [View] when only one certificate is selected.
- To exclude a certificate from being imported, select it and then click [Remove]. You can select multiple certificates for removal by holding down the [Shift] or [Ctrl] keys.The certificate is only removed from the import list—it isnotremoved from the keystore.
- Choose the following import options as necessary:
- [Import as Trust Anchor]: Select this check box to import the certificates as trust anchors—a starting point from which trust is established. For more information about trust anchors, see Trust Anchors under Manage Certificate Validation.
- [Import certificate chain]: Select this check box to import the full certificate chain (if any) along with the certificate. If both[Import as Trust Anchor] and [Import certificate chain] are selected, only the last entry in the chain (i.e., the highest level CA in the chain) is imported as the trust anchor. For more information about certificate chains, see Private Key Properties.
- Click [OK] to import the certificates. Depending on the number of certificates selected and the speed of the network, it may take a moment for the import to complete.If a certificate could not be imported for whatever reason (already exists, keystore is corrupt, etc.), this will be listed in an error message.After importing a certificate, you should review its properties to ensure everything is in order. In particular, you may need to specify a certificate usage option. For more information, see the [Options] tab under Editing a Certificate.