Requesting a personal certificate
To apply for a personal certificate, use the iKeyman tool as follows:
- Start the iKeyman GUI using either the gsk7ikm command (UNIX(R)) or the
strmqikm command (Windows(R)).
- From the Key Database File menu, click Open. The Open window displays.
- Click Key database type and select CMS (Certificate Management System).
- Click Browse to navigate to the directory that contains
the key database files.
- Select the key database file from which you want to generate the request,
for example key.kdb.
- Click Open. The Password Prompt window displays.
- Type the password you set when you created the key database and click OK. The name of your key database file displays in the File Name field.
- From the Create menu, click New
Certificate Request. The Create New Key and Certificate Request window
displays.
- In the Key Label field, type:
- For a queue manager, ibmwebspheremq followed by the name of
your queue manager changed to lower case. For example, for QM1, ibmwebspheremqqm1, or
- For a WebSphere MQ client, ibmwebspheremq followed by your logon user ID
folded to lower case, for example ibmwebspheremqmyuserid.
- Type a Common Name and Organization, and select a Country. For the remaining optional
fields, either accept the default values, or type or select new values. Note
that you can supply only one name in the Organizational Unit field. For more information about these fields, refer to Distinguished Names.
-
In the Enter the name of a file in
which to store the certificate request field, either accept the default certreq.arm, or type a new value with a full path.
- Click OK. A confirmation window displays.
- Click OK. The Personal Certificate
Requests list shows the label of the new personal certificate
request you created. The certificate request is stored in the file you chose
in step 11.
- Request the new personal certificate either by sending the file to a Certification
Authority (CA), or by copying the file into the request form on the Web site
for the CA.
Use the following commands to request a personal certificate using iKeycmd:
- On UNIX:
gsk7cmd -certreq -create -db filename -pw password -label label
-dn distinguished_name -size key_size -file filename
- On Windows:
runmqckm -certreq -create -db filename -pw password -label label
-dn distinguished_name -size key_size -file filename
where:
-db filename |
is the fully qualified file name of
a CMS key database. |
-pw password |
is the password for the CMS key database. |
-label label |
is the key label attached to the certificate. |
-dn distinguished_name |
is the X.500 distinguished name enclosed in double quotes.
Note that only the CN, O, and C attributes are required, and that you can
supply only one OU attribute. |
-size key_size |
is the key size. The value can be 512 or 1024. |
-file filename |
is the filename for the certificate request. |
If you are using cryptographic hardware, refer to Requesting a personal certificate for your PKCS #11 hardware.