KB Article #68680
Automatic import of CA Root and Intermediate public key certificates
* Automatic import process must contain the public key, not the private key
Resolution
-- Interchange 5.3 supports a mechanism for automatically importing certificates into the certificate store from files on disk as the application is first started after installation.
-- This is handy for loading common intermediary and root certificates from VeriSign and other Certificate Authorities.
-- To use this automatic certificate importing mechanism, do the following:
----> Construct a directory, or a directory hierarchy, containing the certificate files. The files can have any extensions, but typically .cer, .crt and .der are used for files that contain the ASN.1 encoding of a single X.509 certificate, while .p7b and .p7c are used for files that contain the ASN.1 encoding of a PKCS#7 ContentInfo containing a SignedData containing one or more X.509 certificates. Using .p7b and .p7c files is recommended when importing a chain of intermediary certificate(s) and a root certificate; all the related certificates should be kept together in a single file. Using a directory hierarchy is handy for arranging certificates by issuer; e.g., all VeriSign certificates can be in a VeriSign directory, all Entrust certificates can be in an Entrust directory, and so on. In keeping with the standard directory structure, the main certificate directory should be under the [InstallPath]/common/conf directory; a good choice for a subdirectory name would be certs.
----> In the crossworks.properties file, create a dir.certs entry whose value is the name of the directory where the certs are installed; e.g., dir.certs=[InstallPath]/common/conf/certs.
-- There are some important points about this mechanism:
----> The crossworks.properties file must contain a valid dir.certs entry for the import to take place; no default certificate directory is assumed.
----> Certificates are imported by the system when it is started only if the certificate store is empty. This will typically be the first time a newly installed system is started. Once the certificate store contains even a single certificate, restarting the system will not automatically import any further certificates into the certificate store.
----> None of the imported certificates is trusted in any PSE; they are only placed in the CI5 certificate store so that they are available for validating end-entity certificates as those are imported and used.
----> The importing code tries to import certificates from all files in the directory hierarchy, regardless of their extensions. Files that are not recognized as containing ASN.1 encoded certificates as described above are ignored, so feel free to pepper your certificate directory hierarchy with readme files or whatever else is convenient.
----> The order in which files in the directory hierarchy are processed is indeterminate. Therefore, it is recommended that each certificate chain be contained within a single .p7b or .p7c file as described above.
----> Any errors or warnings encountered during the certificate import process are logged in the _cn.log file.
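A pre-flight check for the dir.certs tree, added here as an example (it is not part of Interchange or of this article): before the first start-up it classifies each file the way the rules above describe (a single DER X.509 certificate, a PKCS#7 SignedData bundle, a private key that must not be there, PEM text, or an unrecognized file the importer will ignore) and counts the certificates inside each .p7b/.p7c, so a chain file holding only one certificate stands out. The DER parsing is a structural heuristic on tag shapes, the sample byte strings are constructed, and the script name certs_preflight.py is assumed.

```python
import os, sys

SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2, PKCS#7 signedData

def der_items(buf):  # all DER (tag, value) pairs laid end to end in buf; ValueError if lengths do not add up
    items, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                               # long-form length: low 7 bits = number of length bytes
            length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
        items.append((tag, buf[pos:pos + length]))
        pos += length
    if pos != len(buf):
        raise ValueError("truncated DER")
    return items

def classify(data):  # -> (kind, certificate count); kind is x509, pkcs7, private-key, pem or ignored
    if data.lstrip().startswith(b"-----BEGIN"):        # PEM text, not the ASN.1 encoding the importer reads
        return ("private-key" if b"PRIVATE KEY" in data else "pem"), 0
    try:
        ((tag, body),) = der_items(data)                # exactly one top-level object, no trailing bytes
        inner = der_items(body)
        if tag == 0x30 and inner[0][0] == 0x30:         # SEQUENCE { tbsCertificate SEQUENCE, ... }
            return "x509", 1
        if tag == 0x30 and inner[0][0] == 0x02:         # PKCS#1 / PKCS#8 private keys start with INTEGER version
            return "private-key", 0
        if tag == 0x30 and inner[0] == (0x06, SIGNED_DATA_OID) and inner[1][0] == 0xA0:  # PKCS#7 ContentInfo
            signed = der_items(der_items(inner[1][1])[0][1])    # [0] EXPLICIT wraps the SignedData SEQUENCE
            certs = [v for t, v in signed if t == 0xA0]         # certificates [0] IMPLICIT SET OF Certificate
            return "pkcs7", (sum(1 for t, _ in der_items(certs[0]) if t == 0x30) if certs else 0)
    except (ValueError, IndexError):
        pass
    return "ignored", 0

def audit(root):  # walk a dir.certs tree -> sorted [(relative path, kind, certificate count)]
    report = []
    for dirpath, _, names in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in names):
            with open(path, "rb") as fh:
                kind, count = classify(fh.read())
            report.append((os.path.relpath(path, root), kind, count))
    return sorted(report)

def tlv(tag, body):  # minimal DER encoder for the constructed samples below (bodies under 128 bytes)
    return bytes([tag, len(body)]) + body

# Constructed samples: DER shapes only, not real certificates or keys.
FAKE_CERT = tlv(0x30, tlv(0x30, tlv(0x02, b"\x02")) + tlv(0x30, tlv(0x06, b"\x2a")) + tlv(0x03, b"\x00"))
FAKE_P7B = tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"")
           + tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701"))) + tlv(0xA0, FAKE_CERT + FAKE_CERT))))
FAKE_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, b"\x2a")) + tlv(0x04, b"\x00"))

if __name__ == "__main__":  # usage: python certs_preflight.py [InstallPath]/common/conf/certs
    for rel, kind, count in audit(sys.argv[1]):
        print(("REMOVE  " if kind == "private-key" else "        ") + f"{rel}: {kind}, {count} certificate(s)")
```

Any line marked REMOVE is key material that has no business in a public-certificate directory; a pkcs7 line reporting 1 certificate is worth a second look, since chain files are expected to hold the intermediary and root together.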