[AIX HP-UX Linux Solaris Windows][z/OS]

Certificates

This topic provides information on Secure Sockets Layer certificates.

[AIX Solaris HP-UX Linux Windows] Use the IBM HTTP Server IKEYMAN utility to create a CMS key database file and self-signed server certificate.

[z/OS] For IBM HTTP Server, use the [z/OS] native z/OS key management (gskkyman key database) to create a CMS key database file and self-signed server certificate.

Production Web servers must use signed certificates purchased from a Certificate Authority that supports IBM HTTP Server such as VeriSign or Thawte. The default certificate request file name is certreq.arm. The certificate request file is a PKCS 10 file, in Base64-encoded format.

[AIX Solaris HP-UX Linux Windows] You can use the IKEYMAN Key Management utility or IKEYMAN Key Management utility command line interface that is provided with IBM HTTP Server to create self-signed certificates.

[z/OS] You can use the [z/OS] native z/OS key management (gskkyman key database) to create self-signed certificates.

Self-signed certificates are useful for test purposes but should not be used in a production Web server.

For your convenience, IBM HTTP Server includes several default signer certificates. Be aware that these default signer certificates have expiration dates. It is important to verify the expiration dates of all your certificates and manage them appropriately. When you purchase a signed certificate from a CA, they will provide you access to their most recent signer certificates.




Subtopics
List of trusted certificate authorities on the IBM HTTP Server
[AIX Solaris HP-UX Linux Windows] Certificate expiration dates
SSL certificate revocation list
Obtaining certificates
Concept topic Concept topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 6:08:30 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=ihs-dist&topic=cihs_introcert
File name: cihs_introcert.html