---
title: Import existing CA-signed certificates
description: You can import your existing certificate authority certificate authority (CA) signed certificate in API Behavioral Security (ABS).
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_import_existing_ca_signed_certificates
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_import_existing_ca_signed_certificates.html
revdate: April 24, 2024
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  example: Example:
  example-2: Example:
  example-3: Example:
---

# Import existing CA-signed certificates

You can import your existing certificate authority certificate authority (CA) *(tooltip: \<div class="paragraph">
\<p>An entity that issues digital certificates.\</p>
\</div>)* signed certificate in API Behavioral Security (ABS).

## Before you begin

Stop ABS if it is already running to import the CA-signed certificate.

## About this task

To import the CA-signed certificate:

## Steps

1. Export your CA-signed certificate to the PKCS12 store by entering the following command:

   ```
   # openssl pkcs12 -export -in  <your_CA_cerficate>.crt -inkey  <your_certificate_key>.key -out abs.p12 -name  <alias_name>
   ```

   ### Example:

   ```
   # openssl pkcs12 -export -in ping.crt -inkey ping.key -out abs.p12 -name exampleCAcertificate
   Enter Export Password:
   Verifying - Enter Export Password:
   ```

   |   |                                                                                                                     |
   | - | ------------------------------------------------------------------------------------------------------------------- |
   |   | If you have an intermediate certificate from the CA, then append the content to the`<your_CA_certificate>.crt`file. |

2. Import the certificate and key from the PKCS12 store to Java KeyStore (JKS) *(tooltip: \<div class="paragraph">
   \<p>A repository of security certificates and corresponding private keys.\</p>
   \</div>)* by entering the following command:

   ```
   # keytool -importkeystore -destkeystore abs.jks -srckeystore abs.p12 -srcstoretype PKCS12 -alias  <alias_name>-storetype jks
   ```

   ### Example:

   ```
   # keytool -importkeystore -destkeystore abs.jks -srckeystore abs.p12 -srcstoretype PKCS12 -alias exampleCAcertificate  -storetype jks
   Importing keystore abs.p12 to abs.jks...
   Enter destination keystore password:
   Re-enter new password:
   Enter source keystore password:
   ```

   |   |                                                                                                                                                                                                                          |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
   |   | The command requires the destination keystore password. The destination keystore password entered in the command should be the same as configured in the [abs.properties](pingintelligence_abs_configuration.html) file. |

   ### Example:

   Here is a snippet of the `abs.properties` file where the destination keystore password is stored. The password is obfuscated.

   ```
   # Java Keystore password
   jks_password=OBF:AES:Q3vcrnj7VZILTPdJnxkOsyimHRvGDQ==:daYWJ5QgzxZJAnTkuRlFpreM1rsz3FFCulhAUKj7ww4=
   ```

3. Copy the `abs.jks` file that you created in step 2 to the `/opt/pingidentity/abs/config/ssl` directory.

4. Start ABS by entering the following command:

   ```
   # /opt/pingidentity/abs/bin/start.sh
   Starting API Behavioral Security 4.0...
   please see /opt/pingidentity/abs/logs/abs/abs.log for more details
   ```