If you are upgrading your point product and are currently
using Open SSL certificates, you must export your certificates to
PKCS12 format before importing them as IBM® SSL
certificates. These exported private and public certificates are stored
in a password-protected file.
Before you begin
The following variable is used in path names in this topic:
- RATIONAL_COMMON
- Directory where Rational common files are installed
Procedure
- If you have not already done so, download a copy of the
Open SSL executable file from the following web site: http://www.openssl.org.
- Export your Open SSL certificate to PKCS12 format:
- Open a command prompt window and navigate to the directory
where you downloaded the Open SSL executable file.
- Enter the following command:
openssl pkcs12 -export -in your_server_certificate.crt -out mapped_shared_location\server_cert.p12 -inkey your_server_private_key.key -name ibmhttp
Attention: Note the location of the server_cert.p12 file.
This is the PKCS12 formatted file that is imported into the IBM SSL
Key Management store.
- Enter the pass phrase that you used when you created
the private key.
- Enter an export password.
- Upgrade the IBM SDK policy files to use the
unrestricted version to enable recognition of non-IBM certificate
files.
Attention: Failure to upgrade the policy
files to use the unrestricted version will generate an error when
importing the PKCS12 certificate.
Follow the procedures in http://www.ibm.com/support/docview.wss?uid=swg21201170. Download version 1.4.2 of the unrestricted
policy files and replace the existing two policy files at this location:
- On Windows®:
- %RATIONAL_COMMON%\IHS\java\jre\lib\security
- On the UNIX® system and Linux:
- $RATIONAL_COMMON/IHS/java/jre/lib/security
- Import the certificate into the IBM SSL
Key Management store:
- Start the IBM HTTP Server Key Management Utility
if it is not already running.
- Click Key Database File > Open > Select Key
database type CMS and click Browse to
navigate to your key store file (common/IHS/key.kdb).
- Enter the keystore password and click OK.
- In the Key database content area, click the drop-down
menu and select Personal Certificates.
- Click Import and then click Key
File type and select PKCS12.
- Click Browse, navigate to the .p12 file
to import and click OK.
- If prompted, enter a password for the key database and
click OK.
- Click OK again to complete the
import process.
Attention: You cannot import the certificate
if it has an expired validity date.