5.3. Converting an external certificate in the IdM web UI for loading into an IdM user account

Procedure

1. Using the CLI, convert the certificate to the PEM format:

   • If your certificate is in the DER format:

   $ openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

   • If your file is in the PKCS #12 format, whose common filename extensions are .pfx and .p12, and contains a certificate, a private key, and possibly other data, extract the certificate using the openssl pkcs12 utility. When prompted, enter the password protecting the private key stored in the file:

     $ openssl pkcs12 -in cert_and_key.p12 -clcerts -nokeys -out cert.pem
     Enter Import Password:

2. Open the certificate in an editor and copy the contents. You can include the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" header and footer lines but you do not have to, as both the PEM and base64 formats are accepted by the IdM web UI.
3. In the IdM web UI, log in as security officer.
4. Go to Identity Users <user_name>.
5. Click Add next to Certificates.
6. Paste the PEM-formatted contents of the certificate into the window that opens.

7. Click Add.

   If the certificate was accepted by the system, you can see it listed among the Certificates in the user profile.