Exchanging signer certificates

To establish trust relationships, you can exchange signer certificates between keystores. When you exchange signer certificates, you are extracting a personal certificate from one keystore and adding it to another keystore as a signer certificate.

Before you begin

To exchange signer certificates, there must be two keystores.

About this task

Complete the following steps in the administrative console:

Procedure

  1. Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates.
  2. Select two keystores from the list of keystores.
  3. Click Exchange signers.
  4. Select any of the certificates in the first personal certificates list, and click Add.
    After adding, the signer part of the selected personal certificate appears in the other (second) keystore signers list.
  5. Select any of the certificates in the second personal certificates list, and click Add.
    After adding, the signer part of the selected personal certificate appears in the other (first) keystore signers list.
  6. Optional: If you need to remove any of the certificates from either of the signers lists, highlight one or more of the certificates, and click Remove.
  7. Click Apply and Save.

Results

The signer certificate appears in the list for each keystore.

What to do next

The extracted signer certificate is available to both keystores during the connection handshake.