Using a server certificate from
a well-known (trusted) CA
The following root certificates are already stored in the key database and marked as trusted.
Host On-Demand clients will trust certificates from these CAs:
- VeriSign Class 2 Public Primary CA
- VeriSign Class 2 Persona Not Validated
- VeriSign Class 3 Public Primary CA
- VeriSign Class 3 Persona Not Validated
- VeriSign Class 4 Public Primary CA
- RSA Secure Server CA (also obtained from VeriSign)
- Thawte Server CA
- Thawte Premium Server CA
To obtain and use a server certificate issued by a well-known (trusted) CA:
Creating a certificate request
To create the certificate request:
Certificate Management:
- On Windows, click Start > Programs > IBM Host On-Demand > Administration >
Certificate Management.
- On an AIX server, enter CertificatedManagement from a command prompt. The default
location of the AIX script is /usr/opt/hostondemand/bin. Refer to
Running Certificate Management on AIX for additional
information.
- Follow the steps in the Help to create the certificate request.
- Exit Certificate Management.
Sending the certificate request to the CA
Go to the CA's Web site. Follow the instructions to submit the certificate request. Here are
the URLs of the well-known CAs:
- VeriSign: http://www.verisign.com/
- Thawte: http://www.thawte.com/
While you are waiting for the CA to process your certificate request, you can enable security
by creating a self-signed root certificate.
Storing the certificate in the key database
When you receive the certificate, make sure it is in armored-64 or binary DER format. Only a
certificate in one of these formats can be stored in the key database. The Certificate Management program can only accept simple certificates. It cannot accept
certificate chains or PKCS7 data. The armored-64 form of a simple certificate starts with
"----BEGIN CERTIFICATE----" and ends with "----END CERTIFICATE----".
Store the certificate into the server's key database, HODServerKeyDb.kdb.
- On Windows, click Start > Programs > IBM Host On-Demand >
Administration > Certificate Management.
- On an AIX server, enter CertificatedManagement from a command prompt. The default location
of the AIX script is /usr/opt/hostondemand/bin. Refer to
Running Certificate Management on AIX for additional
information.
- Follow the steps in the Help to store the certificate.
- Exit Certificate Management.
Related topic: