This topic describes how to obtain certificate authority
(CA) self-signed SSL certificates by using the IBM HTTP Server (IHS)
iKeyMan key management utility.
Procedure
- Start the IHS iKeyMan utility.
  - On Windows:
    - Click
  - On UNIX and Linux systems:
    - Open a command prompt window and run $RATIONAL_COMMON/IHS/bin/ikeyman.sh.
- Click .
- Enter CMS and click Browse to navigate to your key store file key.kdb.
- Enter the keystore password and click OK. If the key.kdb keystore file has not been created, see Creating HTTP server keys.
- Select Personal Certificate Request from the drop-down menu in the Key Database Content section.
- Fill in the field values. Use the full name of your province instead of an abbreviation. Then save the file with the .arm file extension.
- Follow your certificate authority organization's rules for sending the .arm file and receiving the signed certificate .cert file. For example, some companies direct you to a web site where you can upload the .arm file and receive the .cert file by e-mail.
- You must rename the .cert file to the value in the Common Name field of the resulting certificate. Typically, this is the full internet reference to the host computer, for example, myhost.mydomain.mycompany.com. You must use the full internet name wherever the common name is referenced.
- Select Signer Certificates from the drop-down menu in the Key Database Content section.
- If the certificate authority name is listed in the Key Database Content section:
  - Select Personal Certificates from the drop-down menu and click Receive.
  - Browse for the CommonName.arm file. Select the appropriate file type (ASCII or DER binary file) from the Data Type drop-down menu and click OK. A message appears indicating that the certificate was received.
- If the certificate authority name is not listed in the Key Database Content section:
  - Add the root certificate for the certificate authority:
    - Find the root certificate on the web site of your certificate authority, download it, and name it CA.arm, where CA is the company name of the certificate authority.
    - Select Signer Certificates from the drop-down menu in the Key Database Content section and click Add.
    - Click Browse to navigate to the CA.arm file that you just downloaded. Select the appropriate file type (ASCII or DER binary file) from the Data Type drop-down menu and click OK. The list now contains the name of your certificate authority, and a message appears indicating that the certificate was received.
  - Repeat step 7.a.
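
The Receive and Add steps above ask you to pick a Data Type (ASCII or DER binary) and to browse for the right file. The Python below is an added example, not part of the original procedure or of any IBM tooling: it reports whether a file's bytes are a certificate or a certificate request and which Data Type to select, and it rejects truncated files. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_is_complete(data):
    """True if data is exactly one DER SEQUENCE whose length field fits."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                 # short form: one length byte
        header, length = 2, first
    else:                            # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data):
    """Return (kind, data_type) for the bytes of a file to be imported."""
    m = PEM_RE.search(data)
    if m is None:
        # Raw DER has no label, so only the encoding can be confirmed.
        return ("unknown", "DER binary" if der_is_complete(data) else None)
    try:
        body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except ValueError:
        return ("unknown", None)
    if not der_is_complete(body):    # truncated or corrupted in transit
        return ("unknown", None)
    label = m.group(1).decode()
    if label == "CERTIFICATE":
        return ("certificate", "ASCII")
    if label.endswith("CERTIFICATE REQUEST"):   # also "NEW CERTIFICATE REQUEST"
        return ("request", "ASCII")
    return ("unknown", None)

def armor(label, der):
    """Wrap DER bytes in PEM armor (used to build the constructed samples)."""
    tag = label.encode()
    return (b"-----BEGIN " + tag + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + tag + b"-----\n")

# Constructed sample: a well-formed but empty-content SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
```

Call `classify()` on the bytes of the file you are about to import; a result of `("request", "ASCII")` means the file is the request you created, not the signed certificate returned by the certificate authority.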