Skip to main content

Import a certificate

You can import a certificate in any of the following formats:

  • X.509 (.cer or .pem)

  • PKCS#7 (.p7b)

  • PKCS#12 (.p12 or .pfx)

  • GLCK (.glck)

Note

GLCK is a DigiCert proprietary key store format to secure the certificate. It can include both keys and certificates. You can import certificates that were exported from the DigiCert PKI Client and used by the DigiCert PKI Platform 8 solution.

To import a certificate, perform the following steps:

  1. From the left navigation menu, select Tokens.

    Note

    You may need to log in to the token first for session-managed tokens for the Import certificate option to be available in the menu.

  2. Select Quick actions > Import certificates.

  3. Browse to the certificate and select Import.

    If you select PKCS#12 or GLCK, enter the password and click Verify.

  4. (Optional) If the file also contains a Certificate Authorities (CA), select the CA that you want to import. You can select none or all CAs included in the file.

  5. (Optional, only for Windows) If CA is selected to install, select where to install the CA certificates. Selecting Operating System Trusted CAs installs the Root CA certificates into the Windows "Trusted Root Certification Authorities" store. Intermediate CA certificates are installed into the Windows "Intermediate Certification Authorities" store.

Note

For Yubikey, CA import is not supported due to space limitations.

Avertissement

In the Windows Certificate Store, a duplicate certificate existing on another token will be replaced by the one in the token. This is due to a restriction on Windows, so the existing one is removed.