A Certificate is a digitally signed statement that indicates who owns a particular public key. Certificates can be either self-signed by the sender or signed by a trusted third party (Certification Authority). It is reasonable to self-sign a certificate if the recipient already trusts the sender. Otherwise, the sender needs to obtain a certificate by a Certification Authority. A certificate is more likely to be trusted by others if it is signed by a Certification Authority.

A password-protected database known as keystore stores the private keys and their associated public key certificates. Certificates from trusted third parties are typically imported into your keystore as trusted certificates. The public key in each such certificate may then be used to verify signatures generated using the corresponding private key.

The keytool utility manages the keys and the certificates. You use the keytool commands to export a certificate from the keystore to a file that you can send to a receiver to import the certificate into the keystore as a trusted certificate.

After you set up a certificate, you must configure the server.xml file to enable HTTP over SSL (HTTPS) in OneData. HTTPS layers HTTP on top of SSL, thereby extending security capabilities of SSL to standard HTTP communication.