Create certificate signing requests



Search Tips   |   Advanced Search


To obtain a certificate from a certificate authority, submit a certificate signing request (CSR) using the key management utility (iKeyman). You can request either production or test certificates from a CA with a CSR. With the key management utility, generating a certificate signing request also generates a private key for the application for which the certificate is requested. The private key remains in the application keystore file, so it stays private. The public key is included in the certificate requested.



  1. Start the key management utility, if it is not already running.

  2. Open the key database file from which you want to generate the request.

  3. Type the password and click OK.

  4. Click Create > New Certificate Request. The Create New Key and Certificate Request window displays.

  5. Type a Key Label, a Common Name, and Organization; and select a Country. For the remaining fields, accept the default value, type a value, or select new values. The common name must be valid in the configured user registry for the secured WebSphere environment.

  6. Type in a name for the file, such as certreq.arm.

  7. Click OK to complete.

  8. Optional: On UNIX-based platforms, remove the end of line characters (^M) from the certificate signing request. To remove the end of line characters, type the following command:

    cat certreq.arm |tr -d "\r" > new_certreq.arm

  9. Send the certreq.arm file to the certificate authority (CA) following the instructions from the CA Web site for requesting a new certificate.



The Personal Certificate Requests list shows the key label of the new digital certificate request you just created. Send the file to a CA to request a new digital certificate, or cut and paste the request into the request forms of the CA Web site.


What to do next

You need to request a certificate authority-signed digital certificate for your secure WebSphere domain. Once you submit the certificate signing request, wait for the CA to accept the request. After the CA has verified your identity, it sends back the signed certificate usually through e-mail. Receive the signed certificate back to the keystore file from which you generated the CSR.


Related Tasks

Receive certificate authority-signed personal certificates
Manage digital certificates




WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.