Sun ONE 6.x

When you receive your Digi-SSL™ certificate back from Digi-Sign, it will be encrypted with your public key so that only you can decrypt it. Only by entering the correct password for your trust database, can you decrypt and install your certificate.

There are three types of certificates:

• Your own server's certificate to present to clients
• A Digi-Sign CA certificate for use in a certificate chain
• A trusted CA's certificate (commonly referred to as the Root CA certificate)

A certificate chain is a hierarchical series of certificates signed by successive certificate authorities. A CA certificate identifies a certificate authority (CA) and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA, and so on, up to a Root CA.

The server will use the key-pair file password you specify to decrypt the certificate when you install it. You can either save the certificates somewhere accessible to the server, or copy them in a text format and be ready to paste them into the Install Certificate form, as described here.

Installing a Certificate

To install a certificate, perform the following steps:

1. Access either the Administration Server or the Server Manager and choose the Security tab.

For the Server Manager you must first select the server instance from the drop-down list.

2. Click the Install Certificate link.

3. Check the type of certificate you are installing:

• This Server is for a single certificate associated only with your server
  (your Digi-SSL certificate™).
• Server Certificate Chain is for a Digi-Sign CA certificate to include in a certificate chain.

Digi-Sign provides Digi-SSL™ certificates signed by either of the following CAs:

Digi-Sign CA Digi-SSL Xs
Digi-Sign CA Digi-SSL Xp

In the email from Digi-Sign, you will find the correct CA certificate to use for the installation.

• Trusted Certificate Authority (CA) is for a certificate of a CA that you want to accept as a trusted CA.

Digi-Sign provides Digi-SSL™ certificates, that inherit trust from the UTN-USERFirst-Hardware Root CA globally recognized as a trusted Certification Authority. In the email from Digi-Sign, you will find the correct Root CA certificate to use for the installation.

4. Select the Cryptographic Module from the drop-down list.

5. Enter the Key-Pair File Password.

6. Leave the a name for the certificate field blank if it is to be the only one used for this server instance, unless:

• Multiple certificates will be used for virtual servers
  Enter a certificate name unique within the server instance
• Cryptographic modules other than internal are used
  Enter a certificate name unique across all server instances within a single cryptographic module

If a name is entered, it will be displayed in the Manage Certificates list, and should be descriptive. When no certificate name is entered, the default value is applied.

7. Select either:

• Message is in this file and enters the full pathname to the saved certificate
• Message text (with headers) and paste the certificate text
  If you copy and paste the text, be sure to include the headers "Begin Certificate"
  and "End Certificate"—including the beginning and ending hyphens.

8. Click OK.

9. Select either:

• Add Certificate if you are installing a new certificate.
• Replace Certificate if you are installing a certificate renewal or replacing an existing certificate.

10. Repeat steps from point 2 to 9 for each individual certificate you received from Digi-Sign and ensure you select the correct certificate type, that you are installing. We recommend, that you install certificates in the following order:

• Trusted Certificate Authority (CA)
• Server Certificate Chain
• This Server (certificate)

11. For the Server Manager, click Apply, and then Restart for changes to take effect.

The certificate is stored in the server's certificate database. The filename will be:
-cert7.db. For example: https-serverid-hostname-cert7.db