Distributing the CA root certificate to clients
For your clients to validate the signed certificate that they receive from the server during an SSL connection, they must trust your Certificate Authority. This achieved by installing the CA root certificate on the clients.
Procedure
- Transfer the CA root certificate to clients. see the ca.arm file created when you issued a server certificate with a CA.
-
Add the CA root certificate to the client key database and enable trust as follows:
gsk8capicmd_64 -cert -add -db client.kdb -stashed -label "My CA root" -file ca.arm -format ascii -trust enable
The -db parameter specifies the client's key database file to store the CA's root certificate. The -file parameter specifies the file that contains the CA's root certificate.