Purpose
Add a certificate to the Cantara Administration Console.
Before you begin
-
You must have permissions to manage certificates.
-
A tenant must already exist.
-
You should have a PKCS12 certificate file ready.
-
You must know the file password used to encrypt the PKCS12 file.
-
If the file contains multiple certificates, you should know the alias (optional).
Procedure
To add a certificate:
-
Navigate to Certificates.
The Certificates Management screen opens, showing a list of all existing certificates along with their details, such as Name, Alias and Expiry.
-
Click + Add Certificate in the top right of the Certificates list.
-
Enter a Name for the certificate.
-
The name must be unique.
-
The name must follow naming rules:
-
Allowed: Letters, numbers, underscores
_, dashes- -
Not allowed: Spaces or other special characters
-
-
-
(Optional) Enter an Alias.
-
Required only if the PKCS12 file contains multiple certificates.
-
If left blank, the system uses the first certificate in the file.
-
-
Enter the File Password.
-
This is mandatory to read the PKCS12 file.
-
-
(Optional) If the PKCS12 file has a key password, enter it.
Note: Use a PKCS12 keystore (JKS is not supported). If your private key and certificate are separate, merge them into a single file first. Then create the keystore with the following command:
openssl pkcs12 -export -in mykeycertificate.pem.txt -out mykeystore.pkcs12 \ -name myAlias -noiter -nomaciter
A File Password is required. The Key Password is only needed if the key is encrypted.
-
Select the certificate file.
-
Drag and drop the PKCS12 file or browse to select it.
-
Supported file format: PKCS12 (
.p12or.pfx). -
Note: JKS format is not supported.
-
-
Click Save.
-
The system validates the PKCS12 file and loads the certificate.
-
The expiry date is displayed if successfully read.
-
If the file cannot be read, an error or warning is shown.