To obtain a certificate from a certificate authority, submit a
certificate signing request (CSR) using the key management utility (iKeyman).
You can request either production or test certificates from a CA with a CSR.
With the key management utility, generating a certificate signing request
also generates a private key for the application for which the certificate
is requested. The private key remains in the application keystore file, so
it stays private. The public key is included in the certificate requested.
Procedure
- Start the key management
utility if it is not already running.
- Open the key database file from which you want to generate the
request.
- Type the password and click OK.
- Click Create > New Certificate Request. The Create New Key
and Certificate Request window displays.
- Type a Key Label, a Common Name, and an Organization,
and select a Country. For the remaining fields, accept the default
value, type a value, or select new values. The common name must be valid in
the configured user registry for the secured WebSphere environment.
- Type in a name for the file, such as certreq.arm.
- Click OK to complete.
- Optional: On UNIX-based platforms, remove the end of
line characters (^M) from the certificate signing request. To remove
the end of line characters, type the following command:
cat certreq.arm |tr -d "\r" > new_certreq.arm
- Send the certreq.arm file to the certificate authority
(CA) following the instructions from the CA Web site for requesting a new
certificate.
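A pre-submission check for the request file, shown as an added example that is not part of the original procedure: it strips carriage returns as in the optional step, then confirms the file holds exactly one request block and no private key text. The function names and the sample file contents are constructed, and the check covers file structure only; it does not parse the request itself.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.
MARK='^-----(BEGIN|END) (NEW )?CERTIFICATE REQUEST-----$'

# Write a constructed request-shaped file with CRLF line endings to $1 (not a real CSR).
make_sample() {
    printf '%s\r\n' \
        '-----BEGIN NEW CERTIFICATE REQUEST-----' \
        'Q09OU1RSVUNURUQgU0FNUExFIEJPRFksIE5PVCBBIFJFQUwgQ1NS' \
        '-----END NEW CERTIFICATE REQUEST-----' > "$1"
}

# Same effect as the tr command in the procedure: copy $1 to $2 without CRs.
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Return 0 if $1 is a single PEM request block; otherwise explain on stderr.
check_csr() {
    f=$1
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then
        echo "$f: carriage returns present" >&2; return 1
    fi
    # The request carries only the public key; key material must never leave the keystore.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "$f: contains private key text, do not send" >&2; return 1
    fi
    begin=$(grep -c -E '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----$' "$f" || true)
    end=$(grep -c -E '^-----END (NEW )?CERTIFICATE REQUEST-----$' "$f" || true)
    if [ "$begin" -ne 1 ] || [ "$end" -ne 1 ]; then
        echo "$f: expected exactly one BEGIN/END pair" >&2; return 1
    fi
    # Every line between the markers must use the base64 alphabet only.
    if grep -v -E "$MARK" "$f" | grep -q -v -E '^[A-Za-z0-9+/=]+$'; then
        echo "$f: non-base64 text in request body" >&2; return 1
    fi
    return 0
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
make_sample "$tmp/certreq.arm"
check_csr "$tmp/certreq.arm" || echo "certreq.arm: fix before sending"
strip_cr "$tmp/certreq.arm" "$tmp/new_certreq.arm"
check_csr "$tmp/new_certreq.arm" && echo "new_certreq.arm: ready to send"
rm -rf "$tmp"
```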
Results
The Personal Certificate Requests list shows the key label of the
new digital certificate request you just created. Send the file to a CA to
request a new digital certificate, or cut and paste the request into the request
forms of the CA Web site.
What to do next
You need to request a certificate authority-signed digital certificate
for your secure WebSphere domain. After you submit the certificate signing
request, wait for the CA to accept the request. After the CA has verified
your identity, it sends back the signed certificate, usually through e-mail.
Receive the signed certificate into the keystore file from which you generated
the CSR.