Import RSA Keon certificate

Use this procedure if you selected acquire an RSA Keon certificate in step 3 of Set up certificates for a community.

The following are the steps for importing an RSA Keon certificate into Activator and associating it with a community. Before you can use this procedure, you must consult with your organization’s RSA Keon certificate authority administrator about the information required to connect with the Certificate Management Protocol (CMP) server and import a certificate for your community.

The CMP server must be running for Activator to acquire a certificate. Further, the RSA Keon Certificate Authority system must be configured for automatic vetting of CMP requests. For details see the certificate enrollment protocols chapter in the RSA Keon Certificate Authority user documentation.

In this process Activator generates the private-public key pair. The RSA Keon Certificate Authority system creates the certificate and certifies your organization as the owner of the public key.

1. On the first certificate wizard page, select Retrieve a certificate from a certificate authority and click Next to display the certificate authority selection page.

2. Select RSA Keon (CMP) and click Next to display the RSA Keon host and port page.

3. Complete the host and port fields for importing the certificate. Consult with your organization’s RSA Keon administrator to obtain the information.
4. Click Next to display the key ID and shared secret page.

5. Using the information provided to you, complete the fields for importing the certificate. Type this information in the key ID and shared secret fields.
6. Click Next to display the certificate review request page.

7. Review the information on the page. Click Back to change any information or click Next to import the certificate.
8. If there is a check box for Send certificate exchange messages to partners, see Replace certificates automatically for information about CEM and SCX certificate exchanges.
9. Click Finish. The certificates page reappears, displaying the new certificate.
10. If you are setting up a community for the first time, you must distribute your certificate information by sending it to partners by e‑mail or some secure means. This can be done by exporting your certificate as part of your community. See Back up a community as a partner.
11. If you need to distribute your certificate to your trading partners who use other interoperable software, see Export a certificate to a file.
12. Before you attempt to exchange encrypted and signed documents, you should contact each partner with whom you exchanged certificates and confirm that the fingerprints in both your certificates are identical. For more information see MD5 and SHA1 fingerprints.

Related topics

• Manage certificates
• Certificates search results page
• Certificates pages
• Add a certificate
• Set up certificates for a community
• Generate self-signed certificates
• Import Entrust certificate
• Import key pair in certificate file
• Import certificates for partners
• Export a certificate to a file
• Globally prohibit exporting private keys
• Delete certificate
• Manage certificate revocation lists (CRLs)
• Analyze certificates for errors
• Collect data about certificates