To complete this task you use ikeyman to create a server keyring and a server certificate. You then use ikeyman to export the certificate, create a client keyring, and import the server certificate into the keyring.
ikeyman is installed in the <install_path>/jvm17/bin directory.
For information about the benefits of using SSL see Why use SSL?.
UNIX and Linux commands are case-sensitive; on these platforms, start the ikeyman tool by issuing the command exactly as shown: ikeyman.
The keyring contains your server certificate and its associated private key. SSL uses the certificate to identify the server to connecting clients. This keyring must be used exclusively on the server and must be kept secure.
The common name defaults to the name of your machine, and the validity period defaults to 365 days.
ikeyman now generates a public/private key pair, and an entry for the exampleservercert certificate you have just created appears in the Personal Certificates window.
The Key information window for the certificate opens. The information in the Issued to (certificate requester) and Issued by (signer) text boxes is identical.
To establish an SSL connection with a server that presents this certificate, the client must trust the signer. To do this, the client key repository must contain the signer certificate of the server that presents the exampleservercert certificate.
The exported certificate is a signer certificate generated from the personal certificate in the keyring; it does not contain the private key. Import the certificate into the keyring of any client that needs to communicate with this SSL server. The certificate allows the client to verify the identity of the server.
A client keyring must contain, as a minimum, the signer certificate of the SSL server keyring. This keyring is used by the client application to verify the identity of the server. If client authentication is required, it must also contain a client personal certificate, used to prove its own identity. For more information see Configuring SSL client authentication.
The new signer certificate is added to the Signer Certificates list and can be used by the client application to verify the identity of the server.
You have now configured SSL server authentication.
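The same create, export and import sequence with checks on the result, as an added example that is not part of the original page: it uses the JDK's keytool instead of the ikeyman GUI and assumes PKCS12 keyrings. The file names, the CN and the password are constructed placeholders.

```shell
# Added example: keytool stand-in for the ikeyman GUI steps (assumption:
# PKCS12 keyrings). File names, CN and password are constructed placeholders;
# outside a demo, omit -storepass so that keytool prompts for it.
PW=example-passw0rd
KT="keytool -J-Duser.language=en"   # English output so the checks can parse it

make_keyrings() {   # $1 = empty working directory
  # Server keyring: self-signed personal certificate plus its private key.
  $KT -genkeypair -alias exampleservercert -keyalg RSA -keysize 2048 \
      -dname "CN=server.example.test" -validity 365 -storetype PKCS12 \
      -keystore "$1/serverkeyring.p12" -storepass "$PW" >/dev/null 2>&1 || return 1
  # Export the certificate only; the private key stays in the server keyring.
  $KT -exportcert -rfc -alias exampleservercert -file "$1/server.arm" \
      -keystore "$1/serverkeyring.p12" -storepass "$PW" >/dev/null 2>&1 || return 1
  # Client keyring: import the exported certificate as a signer certificate.
  $KT -importcert -noprompt -alias exampleservercert -file "$1/server.arm" \
      -storetype PKCS12 -keystore "$1/clientkeyring.p12" -storepass "$PW" \
      >/dev/null 2>&1 || return 1
}

check_keyrings() {  # $1 = directory used above; prints OK or the failed check
  cert=$($KT -printcert -file "$1/server.arm" 2>/dev/null) || { echo "unreadable export"; return 1; }
  owner=$(printf '%s\n' "$cert" | sed -n 's/^Owner: //p')
  issuer=$(printf '%s\n' "$cert" | sed -n 's/^Issuer: //p')
  # Self-signed: "Issued to" and "Issued by" are identical.
  [ -n "$owner" ] && [ "$owner" = "$issuer" ] || { echo "not self-signed"; return 1; }
  # The exported file must carry no private key material.
  if grep -q "PRIVATE KEY" "$1/server.arm"; then echo "key in export"; return 1; fi
  list=$($KT -list -keystore "$1/clientkeyring.p12" -storepass "$PW" 2>/dev/null) \
      || { echo "unreadable client keyring"; return 1; }
  # Client keyring: signer certificate present, no personal (private key) entry.
  printf '%s\n' "$list" | grep -q "trustedCertEntry" || { echo "no signer certificate"; return 1; }
  if printf '%s\n' "$list" | grep -q "PrivateKeyEntry"; then echo "private key in client keyring"; return 1; fi
  # The client's trusted copy must be identical to what the server exported.
  $KT -exportcert -rfc -alias exampleservercert -file "$1/client.arm" \
      -keystore "$1/clientkeyring.p12" -storepass "$PW" >/dev/null 2>&1 || return 1
  cmp -s "$1/server.arm" "$1/client.arm" || { echo "certificate mismatch"; return 1; }
  echo OK
}
```

Run `make_keyrings` on an empty directory and then `check_keyrings` on the same directory; `check_keyrings` can also be pointed at keyrings with the same file names and password that were produced another way.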