Managing certificates

Managing certificates includes:

• generating Certificate Signing Request (CSR)
  MTJ creates CSRs, but is not responsible for sending them to Certificate Authority (CA).
• importing certificates into key stores
  You can import certificates from CA into a key store, and specify a key alias for them. This has to be done before importing the signed certificate response from CA.
• importing certificate responses into key stores
  After you have imported the certificate, you can import the certificate response (the .cer file) into a key store.
• managing Root Certificates in the default ME key store
  MTJ provides a default ME key store manager, where you can import CA's public keys.

Note: If the user attempts to import a signed certificate response without importing the signing authority (CA) certificate first, an error message is displayed since the key store does not recognize the signing authority of the request.

To generate a CSR

You need to have a key store open and a key pair created before generating the CSR.

1. In the menu bar, select MTJ -> Application Security.
   The Security Management for MTJ Applications window opens.
   
   

2. Select the Key Management tab.

   Note: You have to open a key store before you can generate a CSR for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing key stores.

3. Highlight the key pair for which you want to generate the CSR.
4. Select Generate CSR.
   The Generate Certificate window opens.
5. Define the name and save location for the CSR.
6. Click OK.
   A confirmation window appears.
7. Click OK.
   The system creates and stores the CSR in the location that you defined.

Note: MTJ creates the CSR, but it is your responsibility to send this certificate to a Certificate Authority (CA), which then sends you the Certificate Response and the certificate.

To import certificate

1. In the menu bar, select MTJ -> Application Security .
   The Security Management for MTJ Applications window opens.

2. Select the Key Management tab.

   Note: You have to open a key store before you can import a certificate for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing key stores.

3. Select Import Certificate.
   The Import Certificate window opens.
4. In the Import Certificate window, define the certificate to be imported and click OK.
5. In the Enter Alias window, define an alias for the certificate and click OK.
   The alias must be unique within the key store.
6. Click OK.
   A confirmation window appears.
7. Click OK.
   The certificate is imported into the key store and given an alias.

To import a certificate response

Note: Before you import a certificate response, you need to import the certificate.

1. In the file menu, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.

2. Select the Key Management tab.

   Note: You have to open a key store before you can import a certificate response for it. If the key store you want is not active in the Location field, open the right key store as instructed in Managing key stores.

3. Highlight the key alias for which you want to import a response.
4. Select Import Certificate Response.
   The Import Certificate window opens.
5. In the Import Certificate window, define the certificate response to import and click OK.
   A confirmation window appears.
6. Click OK.
   The certificate response is imported into the key store and identified with the given alias.

1. In the menu bar, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.
2. Select the Certificate Management tab.
   The Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
3. To define the key store, in the Default ME Keystore field, select Browse.
   The Specify an ME Keystore window opens.
4. In the Specify an ME Keystore window, browse to the key store and click Open.
   For example, the path for the WTK tool's main key store is WTK22\appdb\_main.ks
   The existing public keys of the root default key store are displayed in the ME Keystore contents field.
   

You can now start importing public keys into the key store.

1. In the menu bar, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.
2. Select the Certificate Management tab.
   The Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
3. To open the Default ME Keystore, in the Default ME Keystore field, select Browse.
   The Specify an ME Keystore window opens.
4. In the Specify an ME Keystore window, browse to the key store and click Open.
5. Select the Key Management tab:
1. Open the key store which contains the certificate which you want to import into the Default ME Keystore.
2. In the Key Aliases field, highlight the public key which you want to import into the Default ME Keystore.
6. Select the Certificate Management tab.
   The Source Keystore and Alias to Import fields contain the path to the key store and the name of the key alias which you defined in step 5.
7. In the Certificate to import field, select Import to Default ME Keystore.

The public key is added to the end of the list in the ME Keystore Contents field.

1. In the menu bar, select MTJ -> Application Security
   The Security Management for MTJ Applications window opens.
2. Select the Certificate Management tab.
   The Certificate Management tab is available only if your current signing tool supports Root Certificate Management.
3. To open the Default ME Keystore, in the Default ME Keystore field, select Browse.
   The Specify an ME Keystore window opens.
4. In the Specify an ME Keystore window, browse to the key store and click Open.
5. In the ME Keystore Contents field, highlight the public key which you want to delete.
6. Select Remove entry.

The chosen certificate is deleted from the Default ME Keystore.

Mobile Tools for the Java Platform

Managing applications
Managing security

Preferences