[AIX HP-UX Linux Solaris Windows]

Creating a new key pair and certificate request

Key pairs and certificate requests are stored in a key database. This section explains how to create a key pair and certificate request.

Before you begin

There are GSKit certificate support limitations that you should remember as you create a new key pair and certificate request:
  • You cannot use IKEYMAN to create certificates with key sizes that are larger than 1024 bits, unless you are using GSKit 7.0.4.1 or later. If you are using GSKit 7.0.4.1 or later, you can use IKEYMAN to create certificates with key sizes up to 2048 bits.
  • Regardless of which GSKit version you are using, you can import certificates with key sizes up to 4096 bits into the key database.

About this task

To create a public and private key pair and certificate request, complete the following steps:

Procedure

  1. If you have not created the key database, see Creating a new key database for instructions.
  2. Start the IKEYMAN user interface.
  3. Click Key Database File from the main user interface, then click Open.
  4. Enter your key database name in the Open dialog box, or click the key.kdb file, if you use the default. Click OK.
  5. In the Password Prompt dialog box, enter your correct password and click OK.
  6. Click Create from the main user interface, then click New Certificate Request.
  7. In the New Key and Certificate Request dialog box, complete the following information:
    • Key label: Enter a descriptive comment to identify the key and certificate in the database.
    • Key size: Choose your level of encryption from the drop-down menu.
    • Organization Name: Enter your organization name.
    • Organization Unit
    • Locality
    • State/Province
    • Zip code
    • Country: Enter a country code. Specify at least two characters. Example: US
    • Certificate request file name: Enter a file name, or use the default name.
  8. Click OK.
  9. Click OK in the Information dialog box. A reminder to send the file to a certificate authority displays.
  10. Optional: On UNIX-based platforms, remove the carriage return characters (^M) from the line endings of the certificate request. To remove them, type the following command:
    cat certreq.arm |tr -d "\r" > new_certreq.arm
  11. Send the file to the certificate authority (CA) following the instructions from the CA Web site for requesting a new certificate.
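
A check to run between steps 10 and 11, given here as an added example that is not part of the IBM documentation: it strips the carriage returns as in step 10 and confirms that the PEM framing of the request survived before the file goes to the CA. The function names `clean_csr` and `inspect_csr` are hypothetical, the two accepted BEGIN/END labels are an assumption about the request format, and `inspect_csr` assumes the OpenSSL command-line tool is installed.

```shell
#!/bin/sh
# Added example, not IBM code. File names follow step 10 on this page;
# the function names clean_csr and inspect_csr are hypothetical.
# Usage: clean_csr certreq.arm new_certreq.arm && inspect_csr new_certreq.arm

# Strip carriage returns (step 10), then confirm the PEM framing is intact.
# Returns 0 if the output is well formed, 1 if malformed, 2 on I/O error.
clean_csr() {
    in=$1
    out=$2
    [ -r "$in" ] || { echo "clean_csr: cannot read $in" >&2; return 2; }
    tr -d '\r' < "$in" > "$out" || return 2

    # Ignore blank lines when locating the BEGIN/END markers.
    lines=$(grep -v '^[[:space:]]*$' "$out") || {
        echo "clean_csr: $in is empty" >&2; return 1; }
    first=$(printf '%s\n' "$lines" | sed -n '1p')
    last=$(printf '%s\n' "$lines" | sed -n '$p')

    # Assumption: the request uses one of the two PKCS#10 PEM labels.
    case $first in
        '-----BEGIN NEW CERTIFICATE REQUEST-----') label='NEW CERTIFICATE REQUEST' ;;
        '-----BEGIN CERTIFICATE REQUEST-----')     label='CERTIFICATE REQUEST' ;;
        *) echo "clean_csr: missing BEGIN line" >&2; return 1 ;;
    esac
    [ "$last" = "-----END $label-----" ] || {
        echo "clean_csr: END line missing or mismatched" >&2; return 1; }

    # Everything between the markers must be base64 text.
    if printf '%s\n' "$lines" | sed '1d;$d' | grep -q '[^A-Za-z0-9+/=]'; then
        echo "clean_csr: non-base64 data in request body" >&2
        return 1
    fi
    return 0
}

# Optional check with the OpenSSL CLI, if installed: verify the request's
# self-signature and show the subject and key size that the CA will see.
inspect_csr() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
    openssl req -in "$1" -noout -verify -subject || return 1
    openssl req -in "$1" -noout -text | grep 'Public-Key'
}
```

The key size printed by `inspect_csr` should match the value chosen in the Key size field in step 7.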



Related concepts
Managing keys with the IKEYMAN graphical interface (Distributed systems)


Last updated: Aug 31, 2013 6:08:30 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=ihs-dist&topic=tihs_keypair
File name: tihs_keypair.html