Create certificate signing requests

To obtain a certificate from a certificate authority, submit a certificate signing request (CSR) using the key management utility (iKeyman). You can request either production or test certificates from a CA with a CSR. With the key management utility, generating a certificate signing request also generates a private key for the application for which the certificate is requested. The private key remains in the application keystore file, so it stays private. The public key is included in the certificate requested. Read the file $WAS_HOME/web/docs/ikeyman/ikmuserguide.pdf for further information about how to create a certificate signing request from a key database file.

  1. Start the key management utility, if it is not already running.

  2. Open the key database file from which you want to generate the request.

  3. Type the password and click OK.

  4. Click Create > New Certificate Request. The Create New Key and Certificate Request window displays.

  5. Type a Key Label, a Common Name, and Organization; and select a Country. For the remaining fields, accept the default value, type a value, or select new values. The common name must be valid in the configured user registry for the secured WebSphere environment.

  6. Type in a name for the file, such as certreq.arm.

  7. Click OK to complete.

  8. Send the certreq.arm file to the certificate authority (CA) following the instructions from the CA Web site for requesting a new certificate.

The Personal Certificate Requests list shows the key label of the new digital certificate request you just created. Send the file to a CA to request a new digital certificate, or cut and paste the request into the request forms of the CA Web site.

 

Usage Scenario

Once you submit the certificate signing request, wait for the CA to accept the request. After the CA has verified your identity, it sends back the signed certificate usually through e-mail. Receive the signed certificate back to the keystore file from which you generated the CSR.

 

See Also

Receiving certificate authority-signed personal certificates
Managing digital certificates