The certificate file can contain one or more locations of server or client identity certificates and potentially a collection of intermediate Certificate Authority (CA) certificates supporting the identity certificates.
The file takes the following format:
[Absolute or relative file path][Delimiter character][Absolute or relative file path]
Currently the semicolon (;) is the only supported delimiter. Supported certificate file format types include DER, CER, PKCS #7, PKCS #12, and PEM. File extensions do not have to match the file format type in order for them to be recognised and work correctly. Micro Focus recommends that the file extensions match the appropriate certificate type.
PKCS #12 files might contain an identity certificate and possibly an optional CA root certificate chain collection plus an optional private key.
Multiple certificates can be contained within one file when using PEM file format content. Individual PEM files can be concatenated together to form a multiple certificate PEM file.
In any one PEM ID file:
PEM files containing multiple certificates must include at least one identification certificate. It may also contain an optional supporting collection of intermediate CA chain of certificates for that identification certificate.
In a dual identity installation one PEM file may also contain both identity certificates. In addition, it may contain both or neither of the optional Intermediate CA chains of certificates. In this configuration the two supporting key files must be specified as two files. The order of the two certificates within the one certificate file does not have to match the order of the two key files. The key file configuration order still has to match that of the keyfile's passwords.