After creating a digital certificate, the owner must sign it to prevent forgery. E-commerce sites, or those for which authentication of identity is important can purchase a certificate from a well-known Certificate Authority (CA). If authentication is not a concern, for example if private secure communications is all that is required, save the time and expense involved in obtaining a CA certificate and use a self-signed certificate.
To use a digital certificate signed by a CA:
Save the certificate in the directory containing the server keystore and trust-store files, by default install_dir/domains/
domain-dir/config
directory. See "Changing the Location of Certificate Files" for instructions on changing this location.
certutil
to import the certificate into the local keystore and, if necessary, the local trust-store.
For complete information about using certutil
, see the certutil
documentation at:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
See also: