Importing a certificate involves using the Certificate Management Tool to retrieve a certificate from a certificate chain file (.chn) and then installing that certificate on your system. This certificate can be one that you have generated, or can be one that your trading partner has generated and submitted to you.
At this time, the Certificate Management Tool works only with the Windows NT Certificate Server. Support by other certificate authorities is currently in progress.
If you are building a transmit pipeline and you want to digitally sign the data in the business data object, then you first use the Certificate Management Tool to generate a signature certificate request (see Generating a Certificate Request). Next, you use Microsoft Certificate Server to generate a certificate based on this request (see Generating Certificates with Microsoft Certificate Server). The result of this operation is a certificate chain file (.chn), which you import using the Certificate Management Tool.
After you have imported the certificate, you can configure the DigitalSig component to use this certificate to digitally sign the business data object data.
In addition, you supply a copy of the .chn file for this certificate to your trading partner. After your trading partner has imported the certificate, it can be used in a receive pipeline to configure the VerifyDigitalSig component.
If you want to use a trading partner’s certificate to encrypt a business data object, obtain a certificate chain (.chn) file for an exchange certificate from your trading partner, and import it onto your system. After importing the certificate, you can use it to configure the EncryptPKCS component.
A certificate can be imported only once. Subsequent attempts to import the same certificate will fail. If you need to import a certificate again (for example, if you deleted it by accident), you must re-create the certificate (create a new certificate request, generate a new certificate chain file) and then import the new certificate.
If the certificate you have imported is an exchange certificate, you can use it to configure the EncryptPKCS component.