If you are upgrading your point product and are currently using OpenSSL
certificates, you must first export your certificates to PKCS12 format before
importing them as IBM SSL certificates. The exported private key and
certificate are stored together in a password-protected file.
To export your existing OpenSSL certificates to PKCS12 format and import them,
do the following:
- Export the certificate to PKCS12 format:
  - Using a command prompt, navigate to the following directory on the respective
    system:
    - On Windows: drive-letter:\Program Files\Rational\common\bin
    - On UNIX and Linux: /opt/rational/common/rwp/bin
  - From that directory, enter the following command:
    openssl pkcs12 -export -in your_server_certificate.crt -out mapped_shared_location\server_cert.p12 -inkey your_server_private_key.key -name ibmhttp
    Note: Record the location of the file server_cert.p12. This is the PKCS12
    formatted file that will be imported into the IBM SSL Key Management store.
  - Enter the pass phrase used when the private key was originally created.
  - Enter an export password.
- Upgrade the IBM SDK Policy Files to use the unrestricted version to enable
  recognition of non-IBM certificate files.
  Note: Failure to upgrade the Policy File will result in an error while
  importing the PKCS12 certificate.
  Follow the procedures in http://www.ibm.com/support/docview.wss?uid=swg21201170.
  Download the 1.4.2 version of the unrestricted policy files and replace the
  existing two policy files located at:
  - On Windows: drive-letter:\Program Files\Rational\common\rwp\IHS\_jvm\jre\lib\security
  - On UNIX and Linux: /opt/rational/common/rwp/IHS/_jvm/jre/lib/security
- Import the certificate into the IBM SSL Key Management store:
  - Start the IBM HTTP server Key Management Utility tool (if it is not already
    running).
  - In the tool, click Key Database File > Open, select the Key database
    type CMS, and click Browse to navigate to your key store file (key.kdb).
  - Enter the keystore password and click OK.
  - In the Key database content area, click the drop-down menu and select
    Personal Certificates.
  - Click Import, then click Key File type and choose PKCS12.
  - Click the Browse button and navigate to the .p12 file you wish to import,
    then click OK.
  - If prompted, enter a password for the key database, then click OK.
  - Click OK again to complete the import process.
Note: If the certificate you are attempting to import has an expired
validity date, you will not be able to import it.
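
A scripted form of the export step with the checks that prevent a failed import, as an added example that is not part of the original documentation: it refuses an expired certificate, confirms that the private key belongs to the certificate, and re-opens the resulting file with the export password. The function name export_p12 and the use of the KEY_PASS and P12_PASS environment variables in place of the interactive prompts are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks around "openssl pkcs12 -export".
# Assumptions (not from the original page): the key pass phrase and the export
# password are supplied in the KEY_PASS and P12_PASS environment variables so
# that neither appears on the command line or in shell history.

export_p12() {
    local cert=$1 key=$2 out=$3
    local cert_pub key_pub
    export KEY_PASS="${KEY_PASS-}" P12_PASS="${P12_PASS-}"

    # An expired certificate cannot be imported into the key database,
    # so stop before producing a file that will be refused later.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate $cert is expired or unreadable" >&2
        return 1
    fi

    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin env:KEY_PASS) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key $key does not match certificate $cert" >&2
        return 1
    fi

    # The .p12 file contains the private key: create it readable by owner only.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -out "$out" \
          -name ibmhttp -passin env:KEY_PASS -passout env:P12_PASS ) || return 1

    # Re-open the file with the export password to confirm it is intact.
    openssl pkcs12 -in "$out" -noout -passin env:P12_PASS 2>/dev/null
}

# Usage (file names as in the procedure above):
#   KEY_PASS=... P12_PASS=... export_p12 your_server_certificate.crt \
#       your_server_private_key.key server_cert.p12
```

Delete the .p12 file from the shared location once the import has completed, since it holds a copy of the server's private key.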