To ensure Secure Sockets Layer (SSL) communication, servers require a personal certificate that is either self-signed, chained, or signed by an external certificate authority (CA). You must first create a personal certificate request to obtain a certificate that is signed by a CA.
Before you begin
The keystore that contains a personal certificate request must already exist.
Alternative Method: To create a certificate request by using the wsadmin tool, use the createCertificateRequest command of the AdminTask object. For more information, see the CertificateRequestCommands command group of the AdminTask object article.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Key stores and certificates > keystore.
- Click Personal certificate requests > New.
- Type the full path of the certificate request file. The certificate request is created in this location.
- Type an alias name in the Key label field. The alias identifies the certificate request in the keystore.
- Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).
- You can configure one or more of the following optional values:
  - Optional: Select a key size value. The valid key size values are 512, 1024, 2048, 4096, and 8192. The default key size value is 2048 bits.
  - Optional: Type an organization value. This value is the O value in the certificate DN.
  - Optional: Type an organizational unit value. This organizational unit value is the OU value in the certificate DN.
  - Optional: Type a locality value. This locality value is the L value in the certificate DN.
  - Optional: Type a state or province value. This value is the ST value in the certificate DN.
  - Optional: Type a zip code value. The zip code value is the POSTALCODE value in the certificate DN.
  - Optional: Select a country value from the list. This country value is the C value in the certificate request DN.
- Click Apply.
Results
The certificate request is created in the specified file location in the keystore. The request functions as a temporary placeholder for the signed certificate until you manually receive the certificate in the keystore.
Note: Key store tools (such as iKeyman and keyTool) cannot receive signed certificates that are generated by certificate requests from WebSphere® Application Server. Similarly, WebSphere Application Server cannot accept certificates that are generated by certificate requests from other keystore utilities.
What to do next
Now you can receive the CA-signed certificate into the keystore to complete the process of generating a signed certificate for your server.
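The console fields in the procedure map onto the wsadmin createCertificateRequest command named under Alternative Method. The following Jython script is an added example, not taken from the product documentation: it builds the argument list from those fields and rejects the 512- and 1024-bit key sizes, which current guidance such as NIST SP 800-131A no longer accepts for RSA. The AdminTask parameter names, keystore name, alias, host name and file path are assumptions; confirm the parameter names in the CertificateRequestCommands reference for your release.

```python
# Added example. Runs under wsadmin -lang jython; in plain Python it only builds
# the argument list. Parameter names are assumptions to verify against the
# CertificateRequestCommands reference for your release.
VALID_KEY_SIZES = (512, 1024, 2048, 4096, 8192)  # sizes the page lists as valid
MIN_KEY_SIZE = 2048                              # added policy floor, not a product limit

# Console field -> assumed AdminTask parameter, in the order the page lists them
DN_PARAMS = (
    ("organization", "-certificateOrganization"),
    ("organizational_unit", "-certificateOrganizationalUnit"),
    ("locality", "-certificateLocality"),
    ("state", "-certificateState"),
    ("zip_code", "-certificateZip"),
    ("country", "-certificateCountry"),
)

def build_csr_args(keystore, alias, common_name, request_path, key_size=2048, **dn):
    """Return the argument list for AdminTask.createCertificateRequest."""
    if key_size not in VALID_KEY_SIZES:
        raise ValueError("key size %r is not one of %r" % (key_size, VALID_KEY_SIZES))
    if key_size < MIN_KEY_SIZE:
        raise ValueError("key size %d is below the %d-bit floor" % (key_size, MIN_KEY_SIZE))
    for name, value in (("alias", alias), ("common name", common_name),
                        ("request file path", request_path)):
        if not value or not value.strip():
            raise ValueError("%s is required" % name)
    unknown = [k for k in dn if k not in dict(DN_PARAMS)]
    if unknown:
        raise ValueError("unknown DN field(s): %s" % ", ".join(sorted(unknown)))
    args = ["-keyStoreName", keystore, "-certificateAlias", alias,
            "-certificateSize", str(key_size),
            "-certificateCommonName", common_name,
            "-certificateRequestFilePath", request_path]
    for field, param in DN_PARAMS:
        if dn.get(field):
            args += [param, dn[field]]
    return args

try:
    AdminTask                      # defined only inside wsadmin
except NameError:
    AdminTask = None
if AdminTask is not None:
    # Assumed keystore name, alias, host and path; substitute your own.
    AdminTask.createCertificateRequest(build_csr_args(
        "NodeDefaultKeyStore", "app1_csr", "app1.example.com",
        "/tmp/app1_csr.arm", key_size=4096,
        organization="Example Corp", country="US"))
    AdminConfig.save()
```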