Creating SSL key files and certificates for Windows
The IBM WebSphere Application Server
provides the ikeyman utility that manages Secure Sockets Layer (SSL) key files
and certificates. For secure communication, you must create server key files
with personal certificates. This procedure is only necessary
if you chose to defer generating the SSL files and certificates during the
MDM installation.
Steps
The Multiple Device Manager installation program
gives you the option to defer creating the SSL certificate files until after
the installation completes. If you selected that option during the installation,
you will need to follow this procedure to create the files manually.
Perform the following steps to create the key files using the ikeyman utility:
- Launch the utility:
- Type the following command:
<WAS-destination-directory>\WebSphere\AppServer\bin\ikeyman.bat
where <WAS-destination-directory> is the directory where the WebSphere Application
Server is installed on your system.
- Create the server SSL key file and certificate:
- Open the ikeyman utility and create a new JKS key file.
- Name the file the same as you entered it in the "SSL Configuration"
window during the Multiple Device Manager installation (for example, MDMServerKeyFile.jks,
the default value of Key File Name item in the SSL Configuration
window).
- Keep a record of all the passwords for these keys.
- Click Signer Certificates, and delete all of the
JKS key files listed.
- Click Personal Certificates, and then create a new
self-signed certificate.
- Enter the appropriate information for the new certificate. It is best
to include as much information as you can.
- Create the server SSL trust file and certificate:
- Open the ikeyman utility and create a new JKS key file.
- Name the file the same as you entered it in the SSL Configuration
window during the Multiple Device Manager installation (for example, MDMServerTrustFile.jks,
the default value of Trust file name item in the SSL
Configuration window).
- Keep a record of all the passwords for these keys.
- Click Signer Certificates and delete all of the
JKS key files listed.
Related topics