Managing the Certificate Database
The certificate or certificate chain you provide to the wizard for installation must
be in one of the data formats supported by the wizard. This is explained in "Data
Formats for Installing Certificates and Certificate Chains" on page 308.
Using the wizard to install a certificate or certificate chain involves the following
steps, described in detail on page 309:
• Step 1. Select the Operation
• Step 2. Select the Certificate or Certificate Chain
• Step 3. Specify the Location of the Certificate
• Step 4. View the Certificate or Certificate Chain
• Step 5. Install the Certificate or Certificate Chain
• Step 6. Verify the Certificate Status
Data Formats for Installing Certificates and Certificate Chains
The wizard can accept certificates and certificate chains in several data formats.
This section briefly explains the data formats recognized by the wizard.
Binary Formats
The wizard can recognize certificates and certificate chains in the following binary
formats:
• DER-encoded certificate—This is a single binary DER-encoded certificate.
• PKCS #7 SignedData objects—This is a PKCS #7 SignedData object. The only
significant field in the SignedData object is the certificate. In particular, the
signature and the contents are ignored. The PKCS #7 format allows multiple
certificates to be downloaded at once.
• DER-encoded certificates—These are DER-encoded certificates that may or
may not be wrapped in a base-64 encoding package surrounded by the
delimiters -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
• Netscape Certificate Sequence—This is a simpler format for downloading
certificate chains. It consists of a PKCS #7 ContentInfo structure, wrapping a
sequence of certificates. The value of the contentType field should be
netscape-cert-sequence, while the content field is the following structure:
CertificateSequence ::= SEQUENCE OF Certificate
This format allows multiple certificates to be downloaded at once.
308
Netscape Certificate Management System Administrator's Guide • June 2003
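The formats listed above can be told apart by looking at the first DER element inside the outer SEQUENCE, which is useful for checking a file before giving it to the wizard. The Python example below is added here and is not code from the guide or from Certificate Management System; the function names, the format labels it returns and the sample blobs (constructed skeletons, not real certificates) are assumptions, and the two OID values come from the PKCS #7 and Netscape definitions rather than from this page.

```python
import base64
import re

# contentType OIDs as DER content octets
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_NS_CERT_SEQ = bytes.fromhex("6086480186f8420205")  # 2.16.840.1.113730.2.5
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, off=0):
    """Parse one DER element; return (tag, value, offset_after_element)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length >= 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[off:off + length], off + length

def classify(blob):
    """Return (base64_wrapped, format_name) for a candidate certificate blob."""
    m = PEM_RE.search(blob)
    try:
        der = base64.b64decode(m.group(1)) if m else blob
        tag, body, end = read_tlv(der)
        if tag != 0x30 or end != len(der):  # one outer SEQUENCE, nothing trailing
            return bool(m), "unrecognized"
        first_tag, first_val, _ = read_tlv(body)
    except ValueError:  # also covers binascii.Error from bad base-64
        return bool(m), "unrecognized"
    if first_tag == 0x30:  # Certificate starts with the tbsCertificate SEQUENCE
        return bool(m), "der-certificate"
    names = {OID_SIGNED_DATA: "pkcs7-signed-data", OID_NS_CERT_SEQ: "netscape-cert-sequence"}
    if first_tag == 0x06:  # ContentInfo starts with the contentType OID
        return bool(m), names.get(first_val, "unrecognized")
    return bool(m), "unrecognized"

# Constructed skeletons (structure only, not real certificates; short-form lengths)
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

CERT = tlv(0x30, tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x03, b"\x00"))
NS_SEQ = tlv(0x30, tlv(0x06, OID_NS_CERT_SEQ) + tlv(0xA0, tlv(0x30, CERT + CERT)))
P7 = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, tlv(0x30, CERT)))
PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(CERT) + b"-----END CERTIFICATE-----\n"
```

The classifier looks only at the outer structure; it does not validate signatures, validity dates or chain order, so a blob it labels as a certificate still has to be reviewed in the wizard's view step before installation.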