Importing a Certificate onto an eToken

The following certificate types are supported:


Note: The certificate file must be DER encoded or Base64 (not PKCS #7).

If a PFX file is selected, the private key and corresponding certificate will be imported to the eToken. You will be asked if CA certificates should be imported to the eToken, and you will be asked to enter the password (if it exists) protecting the PFX file.

In the case of a CER file (which contains only X.509 certificates), the program checks if a private key exists on the eToken. If the private key is found, the certificate is stored with it. If no private key is found, then you are asked if you want to store the certificate as a CA certificate.

When downloading a certificate to the computer and then importing the certificate to the eToken, remove the certificate from the local store and reinsert the eToken before using the certificate to sign and encrypt mail. This ensures you are using the certificate and keys stored on the eToken.

Note: It is not possible to import a certificate onto eToken Rescue.

To import a certificate:

  1. To open eToken PKI Client Properties do one of the following:

The eToken PKI Client Properties window opens.

  1. Click the Advanced View icon

The Advanced View window opens.

  1. Do one of the following:

The Import Certificate window opens.

  1. Select one of the following

If you select the personal certificate store, a list of available certificates is displayed. Only certificates that can be imported on to the eToken are listed. These are:

If you select Import a certificate from a file, the Choose a certificate window opens.

  1. Select the certificate to import and click Open.

If the certificate requires a password, the Password window opens.

  1. Enter the certificate password.

The Import Operation window opens asking if you want to store the CA certificates on the eToken.

  1. Select Yes or No.

All requested certificates are imported, and a confirmation message opens.


See Also:

eToken Management