Before the current default personal certificate can be replaced,
you must request a certificate from a certificate authority. You can
create a new certificate request or use the createCertificateRequest
command to use a predefined certificate request. The system uses the
certificate request and the certificate authority configuration information
from the CA client object to request the certificate from the certificate
authority. If the certificate authority returns a certificate, then
the requestCAcertificate command stores the certificate in the specified
key store and returns a message of
COMPLETE.
Table 1. Required parameters. Use the requestCACertificate
command and the following required parameters to request a certificate
from a certificate authority:
Parameter |
Description |
Data Type |
-certificateAlias |
Specifies the alias of the certificate. You
can specify a predefined certificate request. |
String |
-keyStoreName |
Specifies the name of the keystore object that
stores the CA certificate. Use the listKeyStores command to display
a list of available keystores. |
String |
-caClientName |
Specifies the name of the CA client that was
used to create the CA certificate. |
String |
-revocationPassword |
Specifies the password to use to revoke the
certificate at a later date. |
String |
Use the following example command syntax to request
a certificate from a certificate authority:
AdminTask.requestCACertificate('-certificateAlias newCertificate -keyStoreName
CellDefaultKeyStore -caClientName myCAClient -revocationPassword revokeCApw
-pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient')
The command returns one of two values:
Certificate
COMPLETE or
certificate PENDING. If the command returns
the
Certificate COMPLETE message, the certificate authority
returned the requested certificate and the default personal certificate
is replaced. If the command returns the
certificate PENDING message,
the certificate authority did not yet return a certificate. Use the
queryCACertificate command to view the current status of the certificate
request, as the following example demonstrates:
AdminTask.queryCACertificate('-certificateAlias newCertificate -keyStoreName
CellDefaultKeyStore -pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient')