Create a self-signed certificate
You can create a self-signed certificate. WebSphere Application Server uses the certificate at runtime during the handshake protocol. Self-signed certificates are located in the default keystore. You must create a keystore before you can create a self-signed certificate.
Overview
Complete the following steps in the console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates > [keystore].
- From Additional Properties, click Personal certificates.
- Click Create a self-signed certificate.
- Type a certificate alias name. The alias identifies the certificate request in the keystore.
- Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).
- Type an organization value. This value is the O value in the certificate DN.
- You can configure one or more of the following optional values:
  - Optional: Select a key size value. The default key size value is 1024 bits.
  - Optional: Type an organizational unit value. This organizational unit value is the OU value in the certificate DN.
  - Optional: Type a locality value. This locality value is the L value in the certificate DN.
  - Optional: Type a state or province value. This value is the ST value in the certificate DN.
  - Optional: Type a zip code value. This zip code value is the POSTALCODE value in the certificate DN.
  - Optional: Select a country value from the list. This country value is the C value in the certificate request DN.
- Click Apply.
Results
You have created a self-signed certificate that resides in the keystore. The SSL configuration for the WAS runtime uses this certificate for SSL communication. Extract the signer of the self-signed certificate to add the signer to another keystore.
What to do next
To create a self-signed certificate by using the wsadmin tool, use the createSelfSignedCertificate command of the AdminTask object. For more information, see PersonalCertificateCommands command group for the AdminTask object.
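The wsadmin route mentioned above, as an added Jython example that is not IBM's code: it maps the console fields from the procedure to `createSelfSignedCertificate` parameters and refuses key sizes below 2048 bits instead of accepting the 1024-bit default. The function names, keyword names and the 2048-bit floor are assumptions made for this example.

```python
# Added example, not IBM's code. Run with: wsadmin -lang jython -f <this file>
# AdminTask and AdminConfig are globals that wsadmin provides.

MIN_KEY_SIZE = 2048  # assumption: local policy floor; the console default is 1024

# Console field (hypothetical keyword name) -> createSelfSignedCertificate parameter
OPTIONAL_FIELDS = [
    ("organizational_unit", "-certificateOrganizationalUnit"),
    ("locality", "-certificateLocality"),
    ("state", "-certificateState"),
    ("zip_code", "-certificateZip"),
    ("country", "-certificateCountry"),
]


def build_cert_args(keystore, alias, common_name, organization,
                    key_size=MIN_KEY_SIZE, **optional):
    """Return the Jython list passed to AdminTask.createSelfSignedCertificate."""
    required = [("keystore", keystore), ("alias", alias),
                ("common_name", common_name), ("organization", organization)]
    for label, value in required:
        if not value or not str(value).strip():
            raise ValueError("%s is required" % label)
    if int(key_size) < MIN_KEY_SIZE:
        raise ValueError("key size %s is below the %d-bit floor"
                         % (key_size, MIN_KEY_SIZE))
    known = [name for name, _flag in OPTIONAL_FIELDS]
    unknown = [name for name in optional if name not in known]
    if unknown:
        raise ValueError("unknown field(s): %s" % ", ".join(unknown))
    args = ["-keyStoreName", keystore,
            "-certificateAlias", alias,
            "-certificateVersion", "3",
            "-certificateSize", str(key_size),
            "-certificateCommonName", common_name,
            "-certificateOrganization", organization]
    for name, flag in OPTIONAL_FIELDS:
        if optional.get(name):
            args += [flag, str(optional[name])]
    return args


def create_cert(**fields):
    """Create the certificate and save the configuration (wsadmin only)."""
    args = build_cert_args(**fields)
    AdminTask.createSelfSignedCertificate(args)
    AdminConfig.save()
    return args
```

Inside wsadmin, call `create_cert(keystore=..., alias=..., common_name=..., organization=...)` with your own keystore name and DN values; passing the arguments as a list avoids quoting problems when a value such as the organization contains spaces.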
Replacing an existing self-signed certificate