Converting OpenSSL certificates to IBM SSL certificates

If you are upgrading your point product and are currently using OpenSSL certificates, you must export your certificates to PKCS12 format before importing them as IBM® SSL certificates. The exported private key and public certificate are stored in a single password-protected file.

Before you begin

The following variable is used in path names in this topic:
RATIONAL_COMMON
Directory where Rational common files are installed

Procedure

  1. If you have not already done so, download a copy of the OpenSSL executable file from the following website: http://www.openssl.org.
  2. Export your OpenSSL certificate to PKCS12 format:
    1. Open a command prompt window and navigate to the directory where you downloaded the OpenSSL executable file.
    2. Enter the following command:

      openssl pkcs12 -export -in your_server_certificate.crt -out mapped_shared_location\server_cert.p12 -inkey your_server_private_key.key -name ibmhttp

      Attention: Note the location of the server_cert.p12 file. This is the PKCS12 formatted file that is imported into the IBM SSL Key Management store.
    3. Enter the pass phrase that you used when you created the private key.
    4. Enter an export password.
  3. Upgrade the IBM SDK policy files to use the unrestricted version to enable recognition of non-IBM certificate files.
    Attention: Failure to upgrade the policy files to use the unrestricted version will generate an error when importing the PKCS12 certificate.

    Follow the procedures in http://www.ibm.com/support/docview.wss?uid=swg21201170. Download version 1.4.2 of the unrestricted policy files and replace the existing two policy files at this location:

    On Windows®:
    %RATIONAL_COMMON%\IHS\java\jre\lib\security
    On the UNIX® system and Linux:
    $RATIONAL_COMMON/IHS/java/jre/lib/security
  4. Import the certificate into the IBM SSL Key Management store:
    1. Start the IBM HTTP Server Key Management Utility if it is not already running.
    2. Click Key Database File > Open, select CMS as the Key database type, and click Browse to navigate to your key store file (common/IHS/key.kdb).
    3. Enter the keystore password and click OK.
    4. In the Key database content area, click the drop-down menu and select Personal Certificates.
    5. Click Import and then click Key File type and select PKCS12.
    6. Click Browse, navigate to the .p12 file to import and click OK.
    7. If prompted, enter a password for the key database and click OK.
    8. Click OK again to complete the import process.
    Attention: You cannot import the certificate if it has an expired validity date.
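
The export in step 2 and the expiry restriction noted in step 4 can be checked from the command line before the file reaches the Key Management Utility. The following script is an added example, not part of the original IBM procedure; the function names and the P12_PASS environment variable are assumptions, and make_sample only creates a constructed throwaway pair for trying the checks out.

```shell
#!/bin/sh
# Added example: checks around the pkcs12 export in step 2 (not IBM's tooling).
# The export password is read from $P12_PASS instead of being typed at a prompt.

# Succeeds if CERT ($1) is still within its validity period $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

# Succeeds if CERT ($1) and private KEY ($2) carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the PKCS12 file ($1) passes its integrity check with $P12_PASS.
p12_opens() {
    openssl pkcs12 -in "$1" -noout -passin env:P12_PASS >/dev/null 2>&1 </dev/null
}

# Check CERT ($1) and KEY ($2), export to OUT ($3) as in step 2, verify the result.
export_checked() {
    cert_valid_for "$1" 0 || { echo "expired certificate: $1" >&2; return 1; }
    cert_matches_key "$1" "$2" || { echo "key does not match: $2" >&2; return 1; }
    # umask 077: the .p12 holds the private key, so keep it owner-only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
          -name ibmhttp -passout env:P12_PASS ) || return 1
    p12_opens "$3"
}

# Constructed sample input: a throwaway self-signed pair $1/$2.crt and $1/$2.key,
# valid for one day, with an unencrypted key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage: P12_PASS=... sh this_script server.crt server.key server_cert.p12
if [ "$#" -eq 3 ]; then
    export_checked "$1" "$2" "$3"
fi
```

If the private key is protected by a pass phrase, openssl still prompts for it during the key comparison and the export, as in step 2.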
