Creating self-signed personal certificates

A self-signed personal certificate is a temporary digital certificate that you issue to yourself, acting as your own certificate authority (CA). Creating a self-signed certificate generates a private key and a public key within the key database file. The certificate is stored in a keystore file and is useful while you develop and test your application. You can also create a self-signed personal certificate from your cryptographic token device.

Before you begin

If you want to create a self-signed certificate for a keystore, you must have already created the keystore file. You can later extract the public key and add the key as a signer certificate to other truststore files.

Read the documentation in the http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip file for further information about how to create a self-signed personal certificate within a key database file.

Steps for this task

  1. Start the key management utility, if it is not already running.
  2. Click New Self-Signed from the tool bar or click Create > New Self-Signed Certificate.
  3. Select the X509 version and the key size that suits your application.
  4. Enter the appropriate information for your self-signed certificate:
    Key Label
    Give the certificate a key label, which is used to uniquely identify the certificate within the keystore file. If you have only one certificate in each keystore file, you can assign any value to the label. However, it is good practice to use a unique label related to the server name.
    Common Name
    Enter the common name. This name is the primary, universal identity for the certificate; it should uniquely identify the principal that it represents. In a WebSphere environment, certificates frequently represent server principals, and the common convention is to use common names of the form host_name and server_name. The common name must be valid in the configured user registry for the secured WebSphere environment.
    Organization
    Enter the name of your organization.
    Optional fields
    Enter the organization unit (a department or division), location (city), state or province (if applicable), zip code (if applicable), and select the two-letter identifier of the country to which the server belongs. For a self-signed certificate, these fields are optional. However, commercial CAs might require them.
    Validity period
    Specify the lifetime of the certificate in days, or accept the default.
  5. Click OK.

Results

Your key database file now contains a self-signed personal certificate.

Example
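
The following is an added example, not part of the original documentation or the key management utility. It assumes the OpenSSL command line is installed and writes PEM files instead of a keystore; the host name, organization, key size and 30-day lifetime are constructed values. It creates a certificate from the same fields the steps ask for, then checks that the result really is self-signed and has the requested lifetime and key size.

```shell
#!/bin/sh
# Added example: OpenSSL stand-in for the GUI steps. All values are constructed.
CN="server1.example.test"   # Common Name (constructed host name)
ORG="Example Org"           # Organization (constructed)
BITS=2048                   # key size
DAYS=30                     # validity period in days

# Create the key pair and the self-signed certificate in directory $1.
# -nodes leaves the private key unencrypted: acceptable for test use only.
make_self_signed() {
    openssl req -x509 -newkey "rsa:$BITS" -nodes -days "$DAYS" \
        -subj "/CN=$CN/O=$ORG" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Succeeds only if issuer and subject are identical and the certificate's
# own public key verifies its signature.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 1
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds if the certificate expires between ($2 - 1) and ($2 + 1) days from now.
lifetime_is_about() {
    openssl x509 -in "$1" -noout -checkend $(( ($2 - 1) * 86400 )) >/dev/null || return 1
    ! openssl x509 -in "$1" -noout -checkend $(( ($2 + 1) * 86400 )) >/dev/null
}

# Prints the public key size in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

workdir=$(mktemp -d)
make_self_signed "$workdir"
if is_self_signed "$workdir/cert.pem" && lifetime_is_about "$workdir/cert.pem" "$DAYS"; then
    echo "self-signed, $(key_bits "$workdir/cert.pem")-bit key, $DAYS-day lifetime"
fi
```

The same checks can be run against a certificate extracted from a keystore to confirm that a test certificate has not been mistaken for a CA-signed one.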

What to do next

If you need a test certificate signed by a certificate authority, follow the procedure in Creating a certification request.

Related concepts
Secure Sockets Layer
Digital certificates
Related tasks
Creating a keystore file
Creating truststore files
Extracting public certificates for truststore files



Searchable topic ID:   tsecsscacert
Last updated: Jun 21, 2007 4:12:58 PM CDT    WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_sscacert.html
