Installing the root certificate for a third-party certificate authority

Instead of setting up its own certificate authority (CA), a company may use a third-party certificate authority to sign its server certificates. The client and server must have access to the third-party CA's root certificate to verify the server certificates that are signed by the third-party CA.

About this task

The following steps describe how to install a root certificate with the OpenSSL toolkit and openssl commands. However, you can use a different key management tool of your choice.

Procedure

Run the following command:
openssl pkcs12 -export -nokeys -in ca-cert.pem -name [name of cert in keystore] -out keystore.p12 
Note: If the PKCS12 keyring file was created and a private key generated, use -inkey privkey.pem rather than -nokeys