<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-6CDB86E4-89BB-5266-8CEC-7353B664D638" xml:lang="en"><title>Importing
Certificates</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>The Symbian certstore allows two types of certificates to be imported:
root certificates and user certificates. </p>
<p>Note that certificates must be in DER format to be imported. Also,
the absolute path to the certificate file must be given regardless of the
current directory in the shell. For example, if you are in the directory c:\temp
which contains mycert.der, to import the certificate you must issue the command: </p>
<p><userinput>certtool -import c:\temp\mycert.der</userinput> </p>
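<p>Added example, not part of the original Symbian documentation: a host-side Python check that a certificate file is DER before it is copied to the device for certtool, converting it first if it is PEM. The function names and the 5-byte sample are constructed for illustration; the check is structural (outer SEQUENCE tag and length) and does not validate the certificate contents.</p>

```python
import base64
import re

# Matches one PEM certificate block (RFC 7468 textual encoding).
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a 5-byte DER SEQUENCE standing in for a certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def der_total_length(data: bytes) -> int:
    """Return the encoded size of the outer DER SEQUENCE, or raise ValueError."""
    if len(data) in (0, 1) or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (certificates start with 0x30)")
    first = data[1]
    if first >> 7 == 0:                  # short form: length fits in 7 bits
        return 2 + first
    n = first - 0x80                     # long form: n length octets follow
    if n == 0 or n > 4 or n + 2 > len(data):
        raise ValueError("indefinite or malformed length (not DER)")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate supplied as DER or PEM."""
    m = PEM_RE.search(data)
    if m:
        # PEM is base64 of the DER bytes between the BEGIN/END lines.
        data = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if der_total_length(data) != len(data):
        raise ValueError("trailing or missing bytes: not a single DER object")
    return data


def convert_file(src: str, dst: str) -> int:
    """Write the DER form of src to dst (host-side paths); return its size."""
    with open(src, "rb") as f:
        der = to_der(f.read())
    with open(dst, "wb") as f:
        f.write(der)
    return len(der)
```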
<p>A certificate always has a label associated with it. A label can be specified
during the import operation with the -label option. If this option is not
present, the full path to the certificate file is taken as the label. Labels must
be unique within a specific certstore implementation. If a label is not unique,
an error occurs. For instance, if the certstore contains a certificate with
label abc: </p>
<p><userinput>certtool -list abc</userinput> </p>
<codeblock id="GUID-685BAF1F-36A2-5725-B3A4-73EB1E916233" xml:space="preserve">Symbian OS CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Label: abc Format: WTLS Owner Type: Root (CA)
Issuer Name: Limited Liability Subject Name: Limited Liability
Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020
Trusted for Applications: </codeblock>
<p>If you try to import a certificate with the same label, an error occurs. </p>
<codeblock id="GUID-066EACF2-C947-51B7-A6DB-CCEAD7679720" xml:space="preserve">c:\>certtool -label abc -import c:\certstore\ent-wtls2.cer
Symbian OS CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
The given label is invalid, or already present in the certstore.
Label: abc Format: WTLS Owner Type: Root (CA)
Issuer Name: Limited Liability Subject Name: Limited Liability
Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020
Trusted for Applications: </codeblock>
<p>The error occurs because the command does not specify a certstore
implementation, so the import is attempted in the default implementation
(index 0), where the label abc already exists. It is possible to insert
the certificate with label abc in the certstore implementation with index
1 instead. </p>
<p><userinput>certtool -label abc -store 1 -import c:\certstore\ent-wtls2.cer</userinput> </p>
<codeblock id="GUID-F16C6BA0-9408-50E1-B525-275F2C020B99" xml:space="preserve">Symbian OS CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Certificate imported successfully.
Label: abc Format: WTLS Owner Type: Root (CA)
Issuer Name: Limited Liability Subject Name: Limited Liability
Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020
Trusted for Applications: </codeblock>
<p><b>Importing root certificates </b> </p>
<p>Root certificates typically belong to a certificate authority (CA) and
a number of them are present on a final product. Root certificates are used
to verify the authenticity of signed content. Root certificates are self-signed,
and are often termed top-level certificates. </p>
<p>All the examples in the previous sections referred to root certificates. </p>
<p>A certificate is imported as a CA root certificate if and only if the corresponding
private key cannot be found in the keystore. </p>
<p><b>Importing user certificates </b> </p>
<p>User certificates belong to the phone owner. Using a user certificate,
phone owners can authenticate themselves. For example, during SSL/TLS, the
owner can perform client authentication. To import a user certificate, both
the certificate and its corresponding private key must be stored in the Symbian
keystore. </p>
<p>If the private key corresponding to a given certificate is already present
in the Symbian keystore, the certificate will be automatically imported as
a user certificate. </p>
<p>Assume that the private DSA key corresponding to the certificate stored
in dsa_cert1.der is present in the Symbian keystore. The following command
imports the certificate as a user certificate: </p>
<p><userinput>certtool -label abc -import c:\certstore\data\dsa_cert1.der</userinput> </p>
<codeblock id="GUID-8343DE09-42AE-597C-B0B5-66A29E85C1FE" xml:space="preserve">Symbian OS CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Certificate imported successfully.
Label: abc Format: X509 Owner Type: User
Issuer Name: 10.32.193.163 Subject Name: Internet Widgits Pty Ltd
Valid From: 16:06:43 Tue 02nd Jun 2009 Valid Until: 16:03:43 Sat 01st Aug 2009
Trusted for Applications: </codeblock>
<p>If the private key is not already present in the keystore, the same command
imports the certificate as a CA certificate. </p>
<p>Keytool can be used to include private keys in the Symbian keystore. Alternatively,
if you only want to include a user certificate, point to a DER-encoded PKCS8
file containing the key using the <codeph>-private</codeph> option. After
importing the key, <codeph>certtool</codeph> sets the owner of the key
to "WriteDeviceData", so that keytool is able to manipulate the key, performing
actions such as <codeph>remove</codeph> or <codeph>setuser</codeph>. </p>
<p>Assume the DSA private key corresponding to the certificate stored in <filepath>dsa_cert1.der</filepath> is
not present in the keystore and that the required DSA private key is stored
in DER-encoded PKCS8 format in the file <filepath>pkcs8dsa1.001</filepath>. </p>
<p><userinput>certtool -label abc -private c:\certstore\data\pkcs8dsa1.001
-import c:\certstore\data\dsa_cert1.der </userinput> </p>
<codeblock id="GUID-801FA528-BC21-5807-9CB4-AC2E46B7D645" xml:space="preserve">Symbian OS CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Certificate imported successfully.
Label: abc Format: X509 Owner Type: User
Issuer Name: 10.32.193.163 Subject Name: Internet Widgits Pty Ltd
Valid From: 16:06:43 Tue 02nd Jun 2009 Valid Until: 16:03:43 Wed 01st Jul 2009
Trusted for Applications: </codeblock>
<p>Note: Either <filepath>secdlg</filepath> or <filepath>tsecdlg</filepath> needs
to be in <filepath>\epoc32\release\winscw\udeb</filepath>. However, if both
of them are present in the specified location, it will cause a panic. </p>
<p>In addition, the corresponding DSA key is inserted in the keystore with
the same label as the certificate. </p>
<p><userinput>keytool -d -list abc</userinput> </p>
<codeblock id="GUID-BBF41E07-B425-5D8E-9C66-D235B6030714" xml:space="preserve">Symbian OS KeyStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Algorithm: DSA Size: 512 bits
Usage: PKCS15 Sign Code: 0x4
User: No Users registered.
Access flags: Extractable
ID: c0 fa d9 …
Label: abc
Native: Yes
Start date: not set End data: not set</codeblock>
</conbody><related-links>
<link href="GUID-88EC0D74-5595-5FA8-B7BA-B914CC8022FB.dita"><linktext>Listing Contents
of Certificate Stores</linktext></link>
<link href="GUID-F6C20181-0F03-5B8A-B548-C81FF8824503.dita"><linktext>Working with
Multiple Certificate Store Implementations</linktext></link>
<link href="GUID-DCC2060B-BFEC-5ECF-8154-5AE9C8513F75.dita"><linktext>Removing
Certificates</linktext></link>
<link href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6">
<linktext>Manipulating Applicability and Trust Settings for a Certificate</linktext>
</link>
</related-links></concept>