A certificate authority (CA) can create certificates when a CAClient
object is configured to connect to the CA. Certificates created by a
CA through a CA client are tracked in the security configuration in
an object called CACertificate: the certificate is stored in a
keystore, and a CACertificate object is added to the configuration
to reference the certificate. CA certificates are personal certificates.
Before you begin
Before you begin, a CA client must be created to connect to
the CA server. You then use the administrative console to create a
CA certificate.
Note: In this release of WebSphere® Application Server, the valid
key size values are 512, 1024, 2048, 4096, and 8192. The default key
size value is 2048 bits.
Procedure
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click the <keystore name> to which you want
to add the new CA certificate.
- Under Additional Properties, click Personal certificates to
create a new CA certificate in the configuration.
Note: You can also create a CA certificate by using the
requestCACertificate AdminTask.
- Click the Create button and select CA-signed
Certificate.
- Fill in the following information in the CA certificate
section.
- Click Apply then OK.
Results
The certificate is stored in the keystore selected in the
path to this panel and a CACertificate configuration object is created.
Once a CA certificate is created, the certificate can be used by the
runtime for SSL communication.
An existing certificate request
can be used to create the CA certificate or a new certificate request
can be created. This panel uses the requestCAClient AdminTask to
create the CA certificate.
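
The scripted route mentioned in the procedure note, as an added example for wsadmin (-lang jython); it is not IBM's code. The helper names, the 2048-bit policy floor and the character whitelist are assumptions of this example, and the option names should be confirmed with AdminTask.help('requestCACertificate') on your release.

```python
# Added example, not product code. Intended for wsadmin -lang jython.
import re

VALID_KEY_SIZES = (512, 1024, 2048, 4096, 8192)  # values listed on this page
MIN_KEY_SIZE = 2048  # assumption: local policy floor, equal to the page's default
# Assumption: whitelist with no spaces, quotes or brackets, so a value
# cannot split or extend the option string handed to AdminTask.
SAFE_VALUE = re.compile(r'\A[A-Za-z0-9_.\-]+\Z')


def build_request_args(alias, keystore, ca_client, revocation_pw,
                       common_name=None, key_size=2048):
    """Return the option string for AdminTask.requestCACertificate."""
    if key_size not in VALID_KEY_SIZES:
        raise ValueError('key size %r is not a valid value' % (key_size,))
    if key_size < MIN_KEY_SIZE:
        raise ValueError('key size %d is below the policy floor' % key_size)
    opts = [('certificateAlias', alias), ('keyStoreName', keystore),
            ('caClientName', ca_client), ('revocationPassword', revocation_pw)]
    if common_name is not None:
        opts.append(('certificateCommonName', common_name))
    opts.append(('certificateSize', str(key_size)))
    parts = []
    for name, value in opts:
        if not SAFE_VALUE.match(value):
            raise ValueError('unsafe characters in -%s' % name)
        parts.append('-%s %s' % (name, value))
    # The result contains the revocation password: do not log or print it.
    return '[' + ' '.join(parts) + ']'


def request_ca_certificate(**kw):
    """Run inside wsadmin, where AdminTask and AdminConfig are predefined."""
    result = AdminTask.requestCACertificate(build_request_args(**kw))
    AdminConfig.save()  # persist the new CACertificate configuration object
    return result
```

Call request_ca_certificate with the same keyword arguments as build_request_args, reading the revocation password from a prompt or a protected file rather than hard-coding it in the script.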