Creating your own self-signed test certificate on a CORBA C++ client

Before you begin

If you want to create a self-signed certificate for a key database file, you must have created the key database file. Later, you can extract the certificate and add it to a target server's truststore file. For more information about creating key database files, see Creating a key database for a CORBA C++ client.

Why and when to perform this task

When you are developing a production application, you might not want to purchase a true digital certificate until after you are done testing the product. With the IBM Key Management tool, you can create a self-signed digital certificate to use until testing is complete. A self-signed digital certificate is a temporary digital certificate you issue to yourself, with yourself as the CA.

Note: Do not release a production application with a self-signed test certificate; no browser or server will be able to recognize or communicate with your client.

To create a self-signed test certificate in a key database file, follow these steps:

  1. Start the IBM Key Management tool as described in Starting the IBM Key Management tool. The IBM Key Management window is displayed.
    1. Open the key database file (filename.kdb) for the client for which you want to request a self-signed certificate. To open the key database file, either click Open a key database file on the tool bar or select Key Database File > Open from the menu bar. Type the name and location of the key database file at the prompt.
    2. Click OK. The Password Prompt window is displayed.
    3. At the prompt, type the password that you specified when you created the CMS key database file.
    4. Click OK. The IBM Key Management tool displays all of the default signer certificates. You can add, view or delete signer certificates from this screen.
  2. To continue creating a self-signed test certificate, either click Create a new self-signed certificate on the tool bar or select Create > New Self-Signed Certificate from the menu bar. The Create New Self-Signed Certificate window is displayed.
  3. Fill in the following certificate attributes, including the name of your client as the distinguished name. You can leave other attributes with their default values.
    Key Label
    The key label is used to uniquely identify the certificate within the key database file. For the CORBA C++ client, there typically is only one certificate in each key database file, so you can assign any label value. However, it is good practice to use a unique label, perhaps related to the client name.
    Version
    The version of the RSA cipher algorithm that is used to digitally sign and authenticate certificates. Select the default version, X509 V3.
    Key size
    Key size is the size of the key used to digitally sign and authenticate certificates. The default is 1024. For 128-bit cipher algorithms, the value can be either 512 or 1024. For 56-bit cipher algorithms, the value must be 512.
    Common Name
    The common name is the primary, universal identity for the certificate. It must uniquely identify the principal that it represents.
    Organization
    This is the name of your organization.
    Organization Unit
    (Optional) This is the name of your organization unit.
    Locality
    (Optional) This is the name of the location (city).
    State/Province
    (Optional) This is the name of the state/province.
    Zipcode
    (Optional) This is the zip code.
    Country
    From this menu, select the two-letter identifier of the country to which the server belongs.
    Validity period
    The default validity period of 365 days is typically used. Otherwise, specify the number of days that the certificate is valid.
  4. Click OK. The IBM Key Management window is displayed. The Personal Certificates field shows the name of the self-signed digital certificate you created.

    Note: If you have only one personal certificate, it is set as the default certificate for the database. If you have more than one personal certificate, choose which one is the default certificate. You can change the default certificate by first highlighting the certificate and then selecting View/Edit. Then, select the checkbox at the bottom of the screen to set this certificate as the default.
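
The following script is an added example, not IBM code: a pre-release check that flags a self-signed test certificate, in line with the note above about not shipping one in production. It assumes the certificate has been extracted from the key database to a PEM (Base64) file and that the openssl command is installed. The function names, the 2048-bit minimum, the 30-day margin and the sample distinguished name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM code. Checks a certificate extracted from the key
# database to a PEM (Base64) file. Requires the openssl command.

# Prints "self-signed" when subject and issuer names match and the signature
# verifies under the certificate's own public key; otherwise "ca-issued".
cert_kind() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    if [ "$s" = "$i" ] &&
       openssl verify -CAfile "$1" "$1" 2>/dev/null | grep -q ': OK$'; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# Prints the public key size in bits (the "Key size" attribute in step 3).
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeeds only if the certificate is CA-issued, has a key of at least
# MIN_BITS (2048 is this example's assumption) and is valid 30 more days.
release_gate() {
    [ "$(cert_kind "$1")" = ca-issued ] ||
        { echo "FAIL: self-signed test certificate"; return 1; }
    [ "$(key_bits "$1")" -ge "${MIN_BITS:-2048}" ] 2>/dev/null ||
        { echo "FAIL: key smaller than ${MIN_BITS:-2048} bits"; return 1; }
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: expires within 30 days"; return 1; }
    echo PASS
}

# Constructed sample: self-signed certificate with a made-up distinguished
# name and a 365-day validity period. $1 = output file, $2 = key size.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days 365 \
        -keyout "$1.key" -out "$1" \
        -subj "/C=US/O=Example Org/CN=corba-test-client" 2>/dev/null
}

# Demo with the page's default key size of 1024.
demo=$(mktemp -d) && make_sample_cert "$demo/client.pem" 1024 && {
    echo "kind=$(cert_kind "$demo/client.pem") bits=$(key_bits "$demo/client.pem")"
    release_gate "$demo/client.pem" || true
}
rm -rf "$demo"
```

Run release_gate against the extracted client certificate as a build or deployment step; a non-zero exit status means the certificate is still the self-signed test certificate, uses a key below the minimum, or is close to expiry.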


Related tasks
Creating SSL certificates for a CORBA C++ client
Creating a key database for a CORBA C++ client
Starting the IBM Key Management tool
Enabling SSL certificate security between a CORBA C++ client and an EJB server



Searchable topic ID:   tcor_ssl7
Last updated: Jun 21, 2007 8:07:48 PM CDT    WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/corba/tasks/tcor_ssl7.html
