Import Certificate to Key Manager
To import a certificate to the Key Manager:
1. Create an NAESession object (session).
2. Create a FileInputStream object (fis) to read the data from a certificate file (filename).
3. Put the contents of the FileInputStream into a byte array (certData).
4. Close the stream.
5. Create an NAEParameterSpec object (spec).
6. Pass the NAEParameterSpec object to a call to NAECertificate.importCertificate. (importCertificate is static, so it doesn't need an instance of the class.) This creates the certificate on the Key Manager. The certificate format can be either PEM or PKCS#12. This format is automatically detected by the Key Manager - there is no need to (and no way to) specify it. If the certificate is in PKCS#12 format, the second argument must be the password (in a char array).
Code sample
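import java.io.FileInputStream;
import com.ingrian.security.nae.NAECertificate;
import com.ingrian.security.nae.NAEParameterSpec;
import com.ingrian.security.nae.NAESession;

NAESession session = NAESession.getSession("userOne", "1234".toCharArray());
// Read the whole file (readAllBytes needs Java 9+); a single read() sized by available() may return short.
byte[] certData;
try (FileInputStream fis = new FileInputStream(filename)) {
    certData = fis.readAllBytes();
} // try-with-resources closes the stream
NAEParameterSpec spec = new NAEParameterSpec("CertOne", true, true, session);
// PEM input takes a null password; for PKCS#12, pass the password as a char array instead.
NAECertificate.importCertificate(certData, null, spec);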
When the imported certificate includes the private key and the signing CA is also on the Key Manager, the certificate can be used for encryption, decryption, signing, and sign verification operations. If only the public key and the signing CA are available, then the certificate can only be used to encrypt data and verify signatures. Without the signing CA, the certificate can only be imported and exported.
For the Key Manager to use the CA, it must be included in the Trusted CA List Profiles section on the Certificate and CA Configuration page. When the signing CA is present on the Key Manager, the certificate must be validated before being imported. Import will fail for invalid certificates.
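A local pre-flight check that can be run on the certificate file before the import call, added here as an example and not taken from the Key Manager client library or its documentation. It uses only standard JDK classes to tell PEM from PKCS#12, confirm that the certificate parses and is inside its validity period, and report whether a private key is present, which decides which of the operations described above will be available. The class name CertPreflight and the choice of checks are assumptions; the Key Manager's own validation may check more.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical helper, not part of the Key Manager client library.
public class CertPreflight {
    // Usage: java CertPreflight <certificate file>
    public static void main(String[] args) throws Exception {
        byte[] certData = Files.readAllBytes(Paths.get(args[0]));
        String text = new String(certData, StandardCharsets.ISO_8859_1);
        X509Certificate cert = null;
        boolean hasPrivateKey = false;

        int start = text.indexOf("-----BEGIN CERTIFICATE-----");
        if (start >= 0) {
            // PEM: parse the first CERTIFICATE block and note any private key block.
            byte[] pem = text.substring(start).getBytes(StandardCharsets.ISO_8859_1);
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(pem));
            hasPrivateKey = text.contains("PRIVATE KEY-----");
        } else {
            // Not PEM: treat as PKCS#12 and prompt for its password without echoing it.
            if (System.console() == null) throw new IllegalStateException("run from a terminal");
            char[] password = System.console().readPassword("PKCS#12 password: ");
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new ByteArrayInputStream(certData), password);
            if (password != null) Arrays.fill(password, '\0'); // do not keep the password in memory
            for (String alias : Collections.list(ks.aliases())) {
                if (cert == null || ks.isKeyEntry(alias)) {
                    cert = (X509Certificate) ks.getCertificate(alias); // prefer the key entry's certificate
                }
                hasPrivateKey |= ks.isKeyEntry(alias);
            }
        }
        if (cert == null) throw new IllegalArgumentException("no certificate found in " + args[0]);

        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject:     " + cert.getSubjectX500Principal());
        System.out.println("Issuer:      " + cert.getIssuerX500Principal());
        System.out.println("Not after:   " + cert.getNotAfter());
        System.out.println("Private key: " + (hasPrivateKey ? "present" : "absent"));
    }
}
```

The issuer printed here is the CA that has to appear in the Trusted CA List Profiles for the certificate to be usable beyond import and export.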