Import Entrust certificate

Use this procedure if you chose to acquire Entrust certificates in step 3 of Set up certificates for a community.

The following are the steps for importing a new Entrust certificate into Activator. Before you can use this procedure, you must consult with your organization's Entrust administrator about the information required to connect with the Entrust/PKI server and import a new or updated certificate for your community.

Activator fulfills a client role in supporting the certificate management tasks of an Entrust server. The prerequisites for this client-server relationship are your Entrust server and a person who is designated as your organization's Entrust administrator. Lacking these two requirements, your organization cannot use Entrust certificates in exchanging documents with your trading partners through Activator.

Activator enables an organization with an Entrust/PKI server to create Entrust X.509 certificates.

The following describes the certificate-generation process involving Activator and the Entrust server.

Activator creates the key pair for signing documents and hands only the public key to the Entrust server. The Entrust server creates the signing certificate, which contains the public key, and passes the certificate to Activator. Activator retains the private signing key, which is never disclosed to the Entrust server. Because the private signing key stays within Activator, no other system can sign documents with it.

Meanwhile, the Entrust server creates the encryption key pair and creates an encryption certificate, which includes the public key. The Entrust server passes to Activator the encryption key pair and the encryption certificate.

  1. On the first certificate wizard page, select Retrieve a certificate from a certificate authority and click Next to display the certificate authority selection page.
  2. Select Entrust V.7.1 (CMP).
  3. Click Next to display the certificate wizard Entrust server information page.
  4. Complete the host and port fields for importing the certificate. Consult with your organization’s Entrust administrator to obtain the information.
  5. Click Next to display the Entrust reference and authorization page.
  6. Complete the reference and authorization fields for importing the certificate. Consult with your organization’s Entrust administrator to obtain the information.
  7. Click Next to display the certificate review request page.
  8. Review the information on the page. Click Back to change any information or click Next to acquire a certificate.
  9. If there is a check box for Send certificate exchange messages to partners, see Replace certificates automatically for information about CEM and SCX certificate exchanges.
  10. Click Finish. The certificates page reappears, displaying the new certificate.
  11. If you are setting up a community for the first time, you must distribute your certificate information by sending it to partners by e‑mail or some secure means. This can be done by exporting your certificate as part of your community. See Back up a community as a partner.
  12. If you need to distribute your certificate to your trading partners who use other interoperable software, see Export a certificate to a file.
  13. Before you attempt to exchange encrypted and signed documents, you should contact each partner with whom you exchanged certificates and confirm that the fingerprints in both your certificates are identical. For more information see MD5 and SHA1 fingerprints.
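The fingerprint confirmation in the last step can also be checked outside the user interface against an exported certificate file. The following is an added example, not part of the Activator documentation: it assumes the certificate was exported in PEM form, and the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import ssl

# Constructed sample: placeholder bytes standing in for an exported
# certificate. A fingerprint is a hash over the whole DER encoding, so the
# logic is the same for a real export.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def der_from_pem(pem_text):
    """Return the DER bytes of a PEM-encoded certificate."""
    return ssl.PEM_cert_to_DER_cert(pem_text.strip())


def fingerprints(der):
    """Return the MD5 and SHA1 fingerprints as uppercase hex strings."""
    return {
        "md5": hashlib.md5(der).hexdigest().upper(),
        "sha1": hashlib.sha1(der).hexdigest().upper(),
    }


def normalize(fp):
    """Drop separators and case differences that tools add when displaying."""
    return "".join(ch for ch in fp if ch not in ": -\t").upper()


def colon_form(hex_string):
    """Format hex as AA:BB:CC, the way fingerprints are commonly read out."""
    return ":".join(hex_string[i:i + 2] for i in range(0, len(hex_string), 2))


def matches(der, partner_md5, partner_sha1):
    """True only if both fingerprints reported by the partner match."""
    local = fingerprints(der)
    return (local["md5"] == normalize(partner_md5)
            and local["sha1"] == normalize(partner_sha1))


if __name__ == "__main__":
    der = der_from_pem(SAMPLE_PEM)
    local = fingerprints(der)
    print("MD5 :", colon_form(local["md5"]))
    print("SHA1:", colon_form(local["sha1"]))
    # Values as a partner might read them back: lowercase, colon separated.
    reported = (colon_form(local["md5"]).lower(), colon_form(local["sha1"]).lower())
    print("match:", matches(der, *reported))
    print("altered file:", matches(der + b"\x00", *reported))
```

Obtain the partner's values over a channel other than the one that delivered the certificate, and treat a mismatch in either fingerprint as a failed check.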
