Managing certificates

In MTJ, managing certificates includes:

• generating CSRs
  MTJ creates CSRs, but is not responsible for sending them to CAs.
• importing certificates into keystores
  You can import certificates from CA into a keystore, and specify a key alias for them. This has to be done before importing the signed certificate response from CA.
• importing certificate responses into keystores
  After you have imported the certificate, you can import the certificate response (the .cer file) into a keystore.
• managing Root Certificates in the default ME key store
  MTJ provides a default ME key store manager, where you can import CA's public keys.

Note: If the user attempts to import a signed certificate response without importing the signing authority (CA) certificate first, an error message will be displayed since the keystore will not recognize the signing authority of the request.

To generate a CSR

You need to have a key store open and a key pair created before generating the CSR.

1. In the file menu, select MTJ -> Application Security.
   The Security Management for MTJ Applications window opens.
   
   

2. Select the Key Management tab.

   Note: You have to open a key store before you can generate a CSR for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing keystores.

3. High-light the key pair for which you want to generate the CSR for.
4. Select Generate CSR.
   The Generate Certificate window opens.
5. Define the name and save location for the CSR.
6. Click OK.
   A confirmation window appears.
7. Click OK.
   The system creates and stores the CSR in the location that you defined.

Note: MTJ creates the CSR, but it is your responsibility to send this certificate to a Certificate Authority (CA), which will then send you the Certificate Response and the certificate.

To import certificate

1. In the file menu, select MTJ -> Application Security .
   The Security Management for MTJ Applications window opens.

2. Select the Key Management tab.

   Note: You have to open a key store before you can import a certificate for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing keystores.

3. Select Import Certificate.
   The Import Certificate window opens.
4. In the Import Certificate window, define the certificate to be imported and click OK.
5. In the Enter Alias window, define an alias for the certificate and click OK.
   The alias must be unique within the keystore.
6. Click OK.
   A confirmation window appears.
7. Click OK.
   The certificate is imported into the key store and given an alias.

To import a certificate response

Note: Before you can import a certificate response, you need to import the certificate.

1. In the file menu, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.

2. Select the Key Management tab.

   Note: You have to open a key store before you can import a certificate response for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing keystores.

3. High-light the key alias for which you want to import a response.
4. Select Import Certificate Response.
   The Import Certificate window opens.
5. In the Import Certificate window, define the certificate response to import and click OK.
   A confirmation window appears.
6. Click OK.
   The certificate response is imported into the key store and identified with the given alias.

1. In the file menu, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.
2. Select the Certificate Management tab.
   The Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
3. To define the keystore, in the Default ME Keystore field, select Browse.
   The Specify an ME Keystore window opens.
4. In the Specify an ME Keystore window, browse to the keystore and click Open.
   For example, the path for the WTK tool's main keystore is WTK22\appdb\_main.ks
   The existing public keys of the root default keystore are displayed in the ME Keystore contents field.
   

You can now start importing public keys into the keystore.

1. In the file menu, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.
2. Select the Certificate Management tab.
   The Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
3. To open the Default ME Keystore, in the Default ME Keystore field, select Browse.
   The Specify an ME Keystore window opens.
4. In the Specify an ME Keystore window, browse to the keystore and click Open.
5. Select the Key Management tab:
1. Open the keystore which contains the certificate which you want to import into the Default ME Keystore.
2. In the Key Aliases field, highlight the public key which you want to import into the Default ME Keystore.
6. Select the Certificate Management tab.
   The Source Keystore and Alias to Import fields contain the path to the keystore and the name of the key alias which you defined in step 5.
7. In the Certificate to import field, select Import to Default ME Keystore.

The public key is added to the end of the list in the ME Keystore Contents field.

1. In the file menu, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.
2. Select the Certificate Management tab.
   The Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
3. To open the Default ME Keystore, in the Default ME Keystore field, select Browse.
   The Specify an ME Keystore window opens.
4. In the Specify an ME Keystore window, browse to the keystore and click Open.
5. In the ME Keystore Contents field, highlight the public key which you want to delete.
6. Select Remove entry.

The chosen certificate is deleted from the Default ME Keystore.

Mobile Tools for Java Platform

Managing applications
Managing security

Preferences