Enter the following information in the Password Prompt
dialog box:
- Key label: Enter a descriptive comment to identify the key
and certificate in the database.
- Key size: Choose your level of encryptions from the drop-down
menu.
- Common Name: Enter the fully qualified host name of the Web
server as the common name. Example: www.myserver.com.
- Organization Name: Enter your organization name.
- Optional: Organization Unit
- Optional: Locality
- Optional: State/Province
- Optional: Zip code
- Country: Enter a country code. Specify at least two characters.
Example: US Certificate request file name, or use the default name.
- Validity Period
A checksum of the certificate request is cryptographically
signed with the new private key, and contains a copy of the new public
key. The public key can then be used by a certificate authority to
validate that the certificate signing request (CSR) has not been tampered
with. Some certificate authorities might require that the checksum
that is signed by the public key be calculated with a stronger algorithm
such as SHA-1 or SHA-2 (SHA-256, SHA-384, SHA-256). ![[sep2010]](../../deltaend.gif)
sep2010
![[sep2010]](../../delta.gif)
This
checksum is a the "Signature Algorithm" of the CSR
Note: ![[sep2010]](../../delta.gif)
IBM
HTTP Server 7.0 ships IKEYMAN version 8.x. When using IKEYMAN version
8.x to create a certificate request, the user is asked to select a
signature algorithm from a pull-down list.
![[sep2010]](../../deltaend.gif)
sep2010
![[sep2010]](../../deltaend.gif)
sep2010
Subject
Alternate Name (SAN) extensions are fields in a certificate request
that inform SSL Clients of alternate hostnames that correspond to
the signed certificate. Normal certificates (issued without a wildcard
string in their Distinguished Name) are only valid for a single hostname.
For example, a certificate created for example.com is not valid on
www.example.com unless a Subject Alternate Name of "www.example.com"
is added to the certificate. A certificate authority may charge an
additional fee if your certificate contains 1 or more SAN extensions. ![[sep2010]](../../deltaend.gif)
sep2010