The System Security Officer installs signed server certificates and private keys in the server. You can get a server certificate by using third-party tools provided with existing public-key infrastructure already deployed in the customer environment.
To obtain a certificate, you must request a certificate from a CA.If you request a certificate from a third-party and that certificate is in PKCS #12 format, use the certpk12 utility to convert the certificate into a format that is understood by Open Client . For more information about certpk12, see Open Client and Open Server Configuration Guide for UNIX
The main steps to creating a certificate for use with a server are:
Generate the certificate request.
Generate the public and private key pair.
Securely store the private key.
Send the certificate request to the CA.
After the CA signs and returns the certificate, append the private key to the certificate.
Store the certificate in the server’s installation directory.
