Loading Known Certificates

The FWD server uses two kinds of certificate: the root certificates of certificate authorities (CAs) and peer certificates. Each peer certificate is associated with a specific account (a user, process or server). When that entity connects to the FWD server, the certificate it presents is matched against the loaded peer certificates and, if it is valid, a FWD session is started with the security context set to the associated account. The root CA certificates are what the server uses to verify and establish trust in peer certificates, since each peer certificate must have been issued and signed by a trusted CA.

The directory contains a list of each type of certificate. The root CA certificates are enumerated as child elements of the /security/certificates/cas/ branch. The peer certificates are enumerated as child elements of the /security/certificates/peers/ branch.

The administration client has a simple interface to load (import) certificates into the proper location of the directory. This avoids using the LoadCert class documented in the Certificate Authority and Key-Stores and Trust-Stores chapters of Part 2.

If the FWD cryptography tool is used to automatically generate the root CA and associated peer certificates, then the instructions described in this chapter need to be followed only when additional peer certificates need to be added. Details about how to automatically generate the self-signed root CA and the peer certificates can be found in the FWD Cryptography Tool chapter of this book.

To access this interface, choose Accounts then Certificates from the main menu.

This will bring up the main Certificates Management screen similar to the following:

By default, the CA Certificates radio button will be selected. This means that the screen is currently used to manage root CA certificates. To switch into the mode of managing peer certificates, select the Peer Certificates radio button. The Defined Certificates and Certificate Hierarchy portions of the screen will change to reflect a different list of certificates each time one of these radio buttons is selected.

The following image depicts the selection of the Peer Certificates radio button:

Once the proper list of certificates is selected, press the Add Certificate button to bring up the following Certificate Definition dialog:

Enter the name of the certificate in the Alias field. Use the clipboard to copy and paste the entire contents of the certificate into the PEM data field. The following is an example of the certificate contents to be pasted:


Make sure to paste everything, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. Use any text editor to copy the text directly from the .pem certificate file (see the Certificate Authority and Key-Stores and Trust-Stores chapters of Part 2 for details on how to create both types of certificate).

If the CA Certificates radio button was selected when the Add Certificate button was pressed, the certificate will be added as an additional root CA certificate and stored in the /security/certificates/cas/ branch of the directory. If the Peer Certificates radio button was selected, the certificate will be added to the /security/certificates/peers/ branch of the directory. Either way, the list is visible on the administration client screen and can be managed from there.
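Before pasting a .pem file into the Certificate Definition dialog it is worth confirming three things the procedure above relies on: that the file holds exactly one PEM-encoded certificate with its BEGIN and END lines, whether it is a CA or a peer certificate (so it goes under the right radio button), and, for a peer certificate, that it really was signed by a root CA loaded under CA Certificates, since that is what the server checks before it starts a session. The script below is an added example, not code from the FWD documentation or from the FWD Cryptography Tool. It assumes the openssl command-line tool (1.1.1 or newer) is on PATH; the function names and the throwaway files it generates (ca.pem, alice.pem, other.pem) are hypothetical and constructed only for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the FWD documentation: pre-import checks for a
# .pem file that is about to be pasted into the Certificate Definition dialog.
# Assumes the openssl CLI (1.1.1 or newer) on PATH; every file name, subject
# name and function name here is a hypothetical chosen for the demonstration.
set -eu

# One well-formed PEM certificate, BEGIN and END lines included?
fwd_pem_ok() {
    f=$1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f")" -eq 1 ] || return 1
    [ "$(grep -c -- '-----END CERTIFICATE-----' "$f")" -eq 1 ] || return 1
    openssl x509 -noout -in "$f" >/dev/null 2>&1
}

# Print "ca" when basicConstraints says CA:TRUE (load under CA Certificates),
# otherwise "peer" (load under Peer Certificates).
fwd_cert_kind() {
    if openssl x509 -noout -text -in "$1" | grep -q 'CA:TRUE'; then
        echo ca
    else
        echo peer
    fi
}

# Succeed only if the peer certificate was issued and signed by the given root
# CA, which is what the server requires before it will start a session.
fwd_peer_trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Throwaway demo material (constructed here, not FWD Cryptography Tool output):
# a self-signed root CA, a peer certificate it signed, and an unrelated root CA.
make_demo_certs() {
    d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'basicConstraints=CA:FALSE\n' > "$d/peer.ext"
    for ca in ca other; do
        openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo $ca root" -keyout "$d/$ca.key" -out "$d/$ca.pem" \
            >/dev/null 2>&1
    done
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=alice' -keyout "$d/alice.key" -out "$d/alice.csr" >/dev/null 2>&1
    openssl x509 -req -in "$d/alice.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/peer.ext" -out "$d/alice.pem" \
        >/dev/null 2>&1
}

# `sh check_certs.sh demo` runs the checks against the generated material.
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d)
    make_demo_certs "$dir"
    for f in ca.pem alice.pem; do
        fwd_pem_ok "$dir/$f" && echo "$f: $(fwd_cert_kind "$dir/$f")"
    done
    fwd_peer_trusted_by "$dir/ca.pem" "$dir/alice.pem" && echo "alice.pem chains to ca.pem"
    fwd_peer_trusted_by "$dir/other.pem" "$dir/alice.pem" || echo "alice.pem does NOT chain to other.pem"
    rm -rf "$dir"
fi
```

In practice, run fwd_pem_ok and fwd_cert_kind on the file you were handed to pick the right radio button, and fwd_peer_trusted_by against each root CA already loaded under /security/certificates/cas/ before adding a peer certificate; a peer certificate that chains to none of the loaded root CAs cannot be validated by the server, so fix the chain (or load the missing CA first) rather than import it as-is.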

© 2004-2017 Golden Code Development Corporation. ALL RIGHTS RESERVED.