Installing the root certificate for a third-party certificate authority
Instead of setting up its own certificate authority (CA), a company may use a third-party certificate authority to sign its server certificates. The client and server must have access to the third-party CA's root certificate to verify the server certificates that are signed by the third-party CA.
About this task
The following steps describe how to install a root certificate with the OpenSSL
toolkit and openssl
commands. However, you can use a different key
management tool of your choice.
Procedure
Run the following command:
openssl pkcs12 -export -nokeys -in ca-cert.pem -name [name of cert in keystore] -out keystore.p12
Note: If the PKCS12 keyring file was created and a private key generated, use
-inkey privkey.pem
rather than
-nokeys