Create self-signed personal certificates

A self-signed personal certificate is a temporary digital certificate that you issue to yourself, acting as your own certificate authority (CA). Creating one generates a private key and a public key within the key database (keystore) file. Self-signed certificates are useful while you develop and test your application. You can also create a self-signed personal certificate from your cryptographic token device. Before you create a self-signed certificate for a keystore, the keystore file must already exist. You can later extract the public key and add it as a signer certificate to other truststore files.

Read the file $WAS_HOME/web/docs/ikeyman/ikmuserguide.pdf for further information about how to create a self-signed personal certificate within a key database file.

  1. Start the key management utility, if it is not already running.

  2. Click New Self-Signed from the tool bar or click Create > New Self-Signed Certificate.

  3. Select the X509 version and the key size that suits your application.

  4. Enter the appropriate information for your self-signed certificate:

    Key Label: Give the certificate a key label, which is used to uniquely identify the certificate within the keystore file. If you have only one certificate in each keystore file, you can assign any value to the label. However, it is good practice to use a unique label related to the server name.

    Common Name: Enter the common name. This name is the primary, universal identity for the certificate; it should uniquely identify the principal that it represents. In a WebSphere environment, certificates frequently represent server principals, and the common convention is to use common names of the form host_name and server. The common name must be valid in the configured user registry for the secured WebSphere environment.

    Organization: Enter the name of your organization.

    Optional fields: Enter the organization unit (a department or division), location (city), state and province (if applicable), zip code (if applicable), and select the two-letter identifier of the country to which the server belongs. For a self-signed certificate, these fields are optional. However, commercial CAs might require them.

    Validity period: Specify the lifetime of the certificate in days, or accept the default.

  5. Click OK.

Your key database file now contains a self-signed personal certificate.
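
For scripted test setups, the following added example (not part of the original documentation) builds an equivalent keystore with OpenSSL and PKCS#12 as a stand-in for the key management utility, then extracts the signer certificate and confirms it is self-signed and carries no private key. The tool choice, label, host name, organization, key size and password are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: OpenSSL stand-in for the iKeyman dialog (an assumption).
# Label, host name, organization and password are constructed sample values.
KS_PASS=${KS_PASS:-sample-password}; export KS_PASS

# make_self_signed DIR LABEL CN ORG DAYS BITS
# Builds DIR/keystore.p12 holding the private key and the self-signed
# certificate under key label LABEL.
make_self_signed() {
    dir=$1 label=$2 cn=$3 org=$4 days=$5 bits=$6
    ( umask 077    # intermediate key file readable by its owner only
      trap 'rm -f "$dir/key.pem" "$dir/cert.pem"' EXIT   # never leave the raw key behind
      openssl req -x509 -newkey "rsa:$bits" -nodes \
          -subj "/O=$org/CN=$cn" -days "$days" \
          -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
      openssl pkcs12 -export -name "$label" \
          -inkey "$dir/key.pem" -in "$dir/cert.pem" \
          -out "$dir/keystore.p12" -passout env:KS_PASS )
}

# extract_signer KEYSTORE OUT: writes only the public certificate to OUT,
# which is what a truststore needs (the private key stays in the keystore).
extract_signer() {
    openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS 2>/dev/null |
        openssl x509 -out "$2"
}

# is_self_signed CERT: succeeds when issuer equals subject and the
# signature verifies under the certificate's own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demo run in a scratch directory.
work=$(mktemp -d)
make_self_signed "$work" "server1-test" "server1.example.test" "Example Org" 365 2048
extract_signer "$work/keystore.p12" "$work/signer.pem"
is_self_signed "$work/signer.pem" && echo "self-signed: issuer equals subject"
openssl x509 -in "$work/signer.pem" -noout -subject -enddate
rm -rf "$work"
```

The password is passed through the environment (env:KS_PASS) rather than on the command line, so it does not appear in the process list.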


Usage Scenario

If you need a test certificate signed by a certificate authority, follow the procedure in Creating a certification request.


See Also

Digital certificates
Creating a keystore file
Creating truststore files
Extracting public certificates for truststore files