In a production environment, use a personal certificate signed
by a certificate authority (CA). The CA authenticates the principal, that is, the
owner of the personal certificate, when it signs the principal's certificate.
Because CAs keep their private keys secure, a CA-signed certificate
is more trustworthy than a self-signed certificate. Certificate authorities
are entities that issue valid certificates for other entities. Well-known
CAs include VeriSign, Entrust, and GTE CyberTrust. You can request a test
certificate or a production certificate from some of the CAs, such as VeriSign.
Before you begin
The authentication process by a CA can take time. Commercial CAs often
require up to a week to complete their authentication process. Even on-site
CAs can take several minutes, if not hours, or even days, to complete their
authentication process. Therefore, you must plan for the certificates that
you need.
Consider the following points when you plan for the CA-signed
certificate:
- On the certificate signing request that you send to the CA, specify the
common name for the certificate. The common name is the primary, universal
identity for the certificate. It should uniquely identify the principal that
it represents. Verify that the common name is valid in the configured user
registry for the WebSphere Application Server domain.
- When you plan the address for a certificate request, check the format
that your CA requires for the address fields.
Procedure
- Create and send a certificate signing request (CSR) to the CA.
- Visit the CA Web site and follow the instructions to request a
test or production certificate.
Results
After the request is accepted, the certificate authority verifies
your identity and finally issues a signed certificate to you. The certificate
is usually sent through e-mail.
What to do next
Request a production certificate from a trusted CA for the production
WebSphere Application Server environment. After you receive the e-mail from
the CA, follow the instructions to store your signed certificate as a file.
Receive or store the certificate into the keystore file as a personal certificate.
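The CSR step in the procedure, and the checks to run once the CA returns the signed certificate, as an added example that uses the OpenSSL command line (not IBM tooling and not part of the original page). The subject values, host name, file names and the throwaway test CA that stands in for the real CA are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: CSR creation and post-issuance checks with the OpenSSL CLI.
# Subject values, host name and file names are constructed for illustration.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SUBJ="/C=US/ST=North Carolina/L=Durham/O=Example Corp/CN=was-node01.example.com"

# Generate the key pair locally and a CSR that carries the planned subject.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$SUBJ" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
}

# Print the commonName of a CSR ($1), or of a certificate when $2 is "x509".
common_name() {
    openssl "${2:-req}" -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Stand-in for the CA side: a throwaway test CA signs the CSR (1-day validity).
sign_with_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/O=Constructed Test CA/CN=Test Root" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -sha256 -out "$WORK/server.crt" 2>/dev/null
}

# True when certificate $1 carries the public key that belongs to private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# True when certificate $1 verifies against the CA certificate $2.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

make_csr
echo "CSR common name (check against the user registry): $(common_name "$WORK/server.csr")"
sign_with_test_ca
cert_matches_key "$WORK/server.crt" "$WORK/server.key" && echo "certificate matches local key"
cert_chains_to_ca "$WORK/server.crt" "$WORK/ca.crt" && echo "certificate chains to the CA"
```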