Use SCT to import certificates and private keys from the local file system. Three file formats are supported: *.pem, *.cer, and *.crt. Typically, each device has two or three certificate files to import: one root, one intermediate, and one server certificate. Some devices may have more than one intermediate certificate. Whatever the case, always import every certificate file that the customer's IT department or CA provides from the CSR you sent them.
SCT supports the import of only one certificate at a time. For example, if the root and intermediate certificate information comes in a single file, you need to split it into two different files, one for the root and the other for the intermediate certificate.
When you import a server certificate, SCT pairs the imported server certificate with the private key from the associated CSR. If a server certificate is imported that contains an identical Issued To Common Name (CN) as an existing certificate, the imported certificate replaces the existing certificate, but the private key is retained; it is not replaced.
An imported server certificate of a Metasys server does not require a private key. In this case, the certificate chain of these devices is needed by the SCT only to determine the set of root certificates required by the child devices.