To ensure Secure Sockets Layer (SSL) communication, servers require
a personal certificate that is either self-signed or signed by a certificate
authority (CA). You must first create a personal certificate request to obtain
a certificate that is signed by a CA.
Before you begin
The keystore that is to contain the personal certificate request must
already exist.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Key stores
and certificates > keystore.
- Click Personal certificate requests > New.
- Type the full path of the certificate request file. The
certificate request is created in this location.
- Type an alias name in the Key label field. The
alias identifies the certificate request in the keystore.
- Type a common name (CN) value. This value is the CN
value in the certificate distinguished name (DN).
- Type an organization value. This value is the O value
in the certificate DN.
- You can configure one or more of the following optional values:
  - Optional: Select a key size value. The
    default key size value is 1024 bits.
  - Optional: Type an organizational unit value.
    This organizational unit value is the OU value in the certificate DN.
  - Optional: Type a locality value. This
    locality value is the L value in the certificate DN.
  - Optional: Type a state or province value.
    This value is the ST value in the certificate DN.
  - Optional: Type a zip code value. The
    zip code value is the POSTALCODE value in the certificate DN.
  - Optional: Select a country value from the list.
    This country value is the C value in the certificate request DN.
- Click Apply.
Results
The certificate request is created in the specified file location
and in the keystore. In the keystore, the request functions as a temporary
placeholder for the signed certificate until you manually receive the
certificate into the keystore.
Note: Keystore tools (such as iKeyman and keytool) cannot receive signed
certificates that are generated by certificate requests from WebSphere
Application Server. Similarly, WebSphere Application Server cannot accept
certificates that are generated by certificate requests from other keystore
utilities.
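Before the request file goes to the CA, it is worth confirming that the DN values and key size in it match what was typed in the console. The following is an added example, not IBM code: a read-only, standard-library parser for the PKCS#10 request file. It assumes an RSA key; the names `inspect_csr`, `sample_request` and the `min_bits=2048` policy floor are assumptions of this example, and the sample request is constructed with a dummy key and signature.

```python
import base64

# Hex of the 2.5.4.x attribute OIDs behind the DN fields on the console form.
DN_FIELDS = {"550403": "CN", "55040a": "O", "55040b": "OU", "550407": "L",
             "550408": "ST", "550411": "POSTALCODE", "550406": "C"}

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits count the length octets
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def tlv(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body

def sample_request(bits):
    """Constructed PKCS#10 skeleton: dummy modulus and signature, not a real key."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    rdn = lambda oid, text: tlv(0x31, seq(tlv(6, bytes.fromhex(oid)), tlv(12, text)))
    alg = lambda last: seq(tlv(6, bytes.fromhex("2a864886f70d0101") + bytes([last])), b"\x05\x00")
    key = seq(tlv(2, b"\x00\x80" + bytes(bits // 8 - 2) + b"\x01"), tlv(2, b"\x01\x00\x01"))
    name = seq(rdn("550403", b"server.example.com"), rdn("55040a", b"Example Org"))
    info = seq(tlv(2, b"\x00"), name, seq(alg(1), tlv(3, b"\x00" + key)), tlv(0xA0, b""))
    return seq(info, alg(11), tlv(3, bytes(bits // 8 + 1)))

def inspect_csr(data, min_bits=2048):
    """Return (subject DN, RSA key bits, problems) for a PEM or DER PKCS#10 request."""
    if data.lstrip().startswith(b"-----"):  # PEM: drop armor lines, decode the body
        data = base64.b64decode(b"".join(
            ln for ln in data.splitlines() if not ln.startswith(b"-----")))
    info = next(tlvs(next(tlvs(data))[1]))[1]  # CertificationRequestInfo
    _version, subject, spki = [v for _, v in tlvs(info)][:3]
    dn = {}
    for _, rdn in tlvs(subject):  # Name -> RDN set -> (type, value) pair
        for _, atv in tlvs(rdn):
            (_, typ), (_, val) = tlvs(atv)
            dn[DN_FIELDS.get(typ.hex(), typ.hex())] = val.decode("utf-8", "replace")
    bitstr = [v for _, v in tlvs(spki)][1]  # subjectPublicKey BIT STRING
    modulus = next(tlvs(next(tlvs(bitstr[1:]))[1]))[1]  # skip unused-bits octet
    bits = int.from_bytes(modulus, "big").bit_length()
    problems = [f"missing {k}" for k in ("CN", "O") if not dn.get(k)]
    if bits < min_bits:  # min_bits is an assumed policy floor, not a value from the page
        problems.append(f"{bits}-bit key is below {min_bits}")
    return dn, bits, problems
```

Pass the bytes of the request file written by the procedure to `inspect_csr`. A request created with the default 1024-bit key size comes back with a key-size entry in the problems list, which is the cue to create a new request with a larger key size.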
What to do next
Now you can receive the CA-signed certificate into the keystore to
complete the process of generating a signed certificate for your server.