Installing the certificate on client systems

For the clients to trust a certificate, its public part needs to be distributed to the clients and stored in their key databases.

To install the certificate on client systems, do the following:

  1. Extract the public part to a file using the following command:

    gsk8capicmd_64 -cert -extract -db server.kdb -stashed -label "My self-signed certificate" -format ascii -target mycert.arm

  2. Distribute mycert.arm to the clients.
  3. Add the new certificate to the clients' key database as follows:

    gsk8capicmd_64 -cert -add -db client.kdb -stashed -label "Server self-signed certificate" -file mycert.arm -format ascii -trust enable

    The -db parameter specifies the name of the client's key database file. The -label parameter specifies the label to be used for the certificate inside the key database file. The -file parameter specifies the file containing the certificate to be imported.