A self-signed personal certificate is a temporary digital certificate
you issue to yourself, acting as the certificate authority (CA). Creating
a self-signed certificate creates a private key and a public key within the
key database file. The self-signed certificate is created in a keystore file
and it is useful when you develop and test your application. You can also
create a self-signed personal certificate from your cryptographic token device.
Before you begin
If you want to create a self-signed certificate for a keystore, you
must have already created the keystore file. (Refer to
Creating a keystore file for more information.) You can later
extract the public key and add the key as a signer certificate to other truststore
files.
Read the documentation in the http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip file
for further information about how to create a self-signed personal certificate
within a key database file.
Steps for this task
- Start the key management
utility, if it is not already running.
- Click Key Database file > Open to select an existing file,
or click Key Database file > New to select a new file. Select
"CMS" for Key database type, select "key.kdb" for file name, and enter a directory
for the file location.
- Click New Self-Signed from the tool bar or click Create
> New Self-Signed Certificate.
- Select the X509 version and the key size that suits your
application.
- Enter the appropriate information for your self-signed certificate:
- Key Label: Give the certificate a key label, which uniquely identifies the
certificate within the keystore file. If you have only one certificate in
each keystore file, you can assign any value to the label. However, it is
good practice to use a unique label related to the server name.
- Common Name: Enter the common name. This name is the primary, universal identity for
the certificate; it should uniquely identify the principal that it represents.
In a WebSphere environment, certificates frequently represent server principals,
and the common convention is to use common names of the form host_name and server_name.
The common name must be valid in the configured user registry for the secured
WebSphere environment.
- Organization: Enter the name of your organization.
- Optional fields: Enter the organization unit (a department or division), location (city),
state or province (if applicable), zip code (if applicable), and select the
two-letter identifier of the country in which the server is located. For a self-signed
certificate, these fields are optional. However, commercial CAs might require
them.
- Validity period: Specify the lifetime of the certificate in days, or accept the default.
- Click OK.
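The following script is an added example; it is not part of this IBM page and is not iKeyman's own code. It uses the third-party Python cryptography package to do programmatically what the steps above do in the GUI: generate an RSA key pair of the chosen size, build a certificate whose subject carries the Key Label-style fields (common name, organization, and the optional unit, city, state, and country), set the validity period in days, and sign it with its own private key. It also covers the point from the "Before you begin" section: export_signer_cert produces the certificate alone, which is what you add to other truststore files as a signer certificate, while the private key stays in your own keystore. It writes PEM rather than a CMS key.kdb database; the host and server names, organization fields, and passphrase are constructed sample values, and the function names are assumptions of this example.

```python
# Added example (not iKeyman code): self-signed personal certificate built with
# the third-party "cryptography" package, with the same subject fields the
# iKeyman dialog asks for. Names and values below are constructed samples.
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def create_self_signed(common_name, organization, key_size=2048, days=365,
                       org_unit=None, locality=None, state=None, country=None):
    """Generate an RSA key pair and a certificate signed by that same key.

    Returns (private_key, certificate). The optional DN fields mirror the
    iKeyman "Optional fields" entry and are omitted when left as None.
    """
    key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)

    attrs = [
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, organization),
    ]
    optional = [
        (NameOID.ORGANIZATIONAL_UNIT_NAME, org_unit),
        (NameOID.LOCALITY_NAME, locality),
        (NameOID.STATE_OR_PROVINCE_NAME, state),
        (NameOID.COUNTRY_NAME, country),      # two-letter code, e.g. "US"
    ]
    attrs += [x509.NameAttribute(oid, val) for oid, val in optional if val]
    name = x509.Name(attrs)

    now = datetime.now(timezone.utc).replace(microsecond=0)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)          # self-signed: the issuer is the subject itself
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + timedelta(days=days))   # the "Validity period" field
        .add_extension(x509.BasicConstraints(ca=False, path_length=None),
                       critical=True)               # an end-entity cert, not a CA
        .sign(key, hashes.SHA256())
    )
    return key, cert


def is_self_signed(cert):
    """True when issuer == subject AND the signature verifies with the
    certificate's own public key; a name match alone proves nothing."""
    if cert.issuer != cert.subject:
        return False
    try:
        cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                 padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False


def validity_days(cert):
    """Lifetime in whole days, as entered in the Validity period field."""
    # Newer cryptography versions expose the *_utc properties; fall back otherwise.
    before = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before
    after = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after
    return (after - before).days


def common_name(cert):
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


def export_signer_cert(cert):
    """PEM of the certificate only (no private key): the signer certificate
    that other truststore files import."""
    return cert.public_bytes(serialization.Encoding.PEM)


def export_private_key(key, passphrase):
    """Encrypted PKCS#8 PEM of the private key; this stays in your keystore."""
    return key.private_bytes(serialization.Encoding.PEM,
                             serialization.PrivateFormat.PKCS8,
                             serialization.BestAvailableEncryption(passphrase))


if __name__ == "__main__":
    # Constructed sample values: placeholder host/server name and organization.
    k, c = create_self_signed("was-host.example.com/server1", "Example Corp",
                              org_unit="IT", locality="Austin", state="TX",
                              country="US", days=365)
    print(common_name(c), is_self_signed(c), validity_days(c))
    print(export_signer_cert(c).decode())
```

is_self_signed checks the signature rather than only comparing issuer and subject, because any certificate can claim issuer == subject; the signature check is what a truststore actually relies on when it trusts the imported signer certificate. The BasicConstraints extension marks the certificate as an end entity so that a truststore which imports it does not treat it as a CA able to issue further certificates.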
Result
Your key database file now contains a self-signed personal certificate.
What to do next
Create a self-signed test certificate for testing purposes. If
you need a test certificate signed by a certificate authority, follow the
procedure in
Creating a certification
request.