Managing certificates

Managing certificates includes:

Note: If the user attempts to import a signed certificate response without importing the signing authority (CA) certificate first, an error message is displayed since the key store does not recognize the signing authority of the request.

To generate a CSR

You need to have a key store open and a key pair created before generating the CSR.

  1. In the menu bar, select MTJ -> Application Security or in the tool bar, select ..
    The Security Management for MTJ Applications window opens.

  2. Select the Key Management tab.

    Note: You have to open a key store before you can generate a CSR for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing keystores.

  3. Highlight the key pair for which you want to generate the CSR.
  4. Select Generate CSR.
    The Generate Certificate window opens.
  5. Define the name and save location for the CSR.
  6. Click OK.
    A confirmation window appears.
  7. Click OK.
    The system creates and stores the CSR in the location that you defined.

Note: MTJ creates the CSR, but it is your responsibility to send this certificate to a Certificate Authority (CA), which then sends you the Certificate Response and the certificate.

To import certificate

  1. In the menu bar, select MTJ -> Application Security or in the tool bar, select .
    The Security Management for MTJ Applications window opens.

  2. Select the Key Management tab.

    Note: You have to open a key store before you can import a certificate for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing key stores.

  3. Select Import Certificate.
    The Import Certificate window opens.
  4. In the Import Certificate window, define the certificate to be imported and click OK.
  5. In the Enter Alias window, define an alias for the certificate and click OK.
    The alias must be unique within the key store.
  6. Click OK.
    A confirmation window appears.
  7. Click OK.
    The certificate is imported into the key store and given an alias.

To import a certificate response

Note: Before you import a certificate response, you need to import the certificate.

  1. In the file menu, select MTJ -> Application Security or in the tool bar, select .
    The Security Management for MTJ Applications window opens.

  2. Select the Key Management tab.

    Note: You have to open a key store before you can import a certificate response for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing key stores.

  3. Highlight the key alias for which you want to import a response.
  4. Select Import Certificate Response.
    The Import Certificate window opens.
  5. In the Import Certificate window, define the certificate response to import and click OK.
    A confirmation window appears.
  6. Click OK.
    The certificate response is imported into the key store and identified with the given alias.
To access a Default ME Keystore
Before you import keys into the Default ME Keystore, define the location for the key store.
  1. In the menu bar, select MTJ -> Application Security or in the tool bar, select .
    The Security Management for MTJ Applications window opens.
  2. Select the Certificate Management tab.
    The     Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
  3. To define the key store, in the Default ME Keystore field, select Browse.
    The Specify an ME Keystore window opens.
  4. In the Specify an ME Keystore window, browse to the key store and click Open.
    For example, the path for the WTK tool's main key store is     WTK22\appdb\_main.ks
    The existing public keys of the root default key store are displayed in the     ME Keystore contents field.

You can now start importing public keys into the key store.

 
To import public keys into the Default ME Keystore
  1. In the menu bar, select MTJ -> Application Security or in the tool bar, select .
    The Security Management for MTJ Applications window opens.
  2. Select the Certificate Management tab.
    The     Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
  3. To open the Default ME Keystore, in the Default ME Keystore field, select Browse.
    The Specify an ME Keystore window opens.
  4. In the Specify an ME Keystore window, browse to the key store and click Open.
  5. Select the Key Management tab:
    1. Open the key store which contains the certificate which you want to import into the Default ME Keystore.
    2. In the Key Aliases field, highlight the public key which you want to import into the Default ME Keystore.
  6. Select the Certificate Management tab.
    The Source Keystore and Alias to Import fields contain the path to the key store and the name of the key alias which you defined in step 5.
  7. In the Certificate to import field, select Import to Default ME Keystore.

The public key is added to the end of the list in the ME Keystore Contents field.

To delete public keys from the Default ME Keystore
  1. In the menu bar, select MTJ -> Application Security or in the tool bar, select .
    The Security Management for MTJ Applications window opens.
  2. Select the Certificate Management tab.
    The     Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
  3. To open the Default ME Keystore, in the Default ME Keystore field, select Browse.
    The Specify an ME Keystore window opens.
  4. In the Specify an ME Keystore window, browse to the key store and click Open.
  5. In the ME Keystore Contents field, highlight the public key which you want to delete.
  6. Select Remove entry.

The chosen certificate is deleted from the Default ME Keystore.


Mobile Tools for the Java Platform


Managing applications
Managing security


Preferences