+

Search Tips   |   Advanced Search

 

Create a self-signed certificate

 

You can create a self-signed certificate. WebSphere Application Server uses the certificate at runtime during the handshake protocol. Self-signed certificates are located in the default keystore. You must create a keystore before you can create a self-signed certificate.

 

Overview

Complete the following steps in the console:

 

Procedure

  1. Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates > [keystore ].

  2. From Additional Properties, click Personal certificates.

  3. Click Create a self-signed certificate.

  4. Type a certificate alias name. The alias identifies the certificate request in the keystore.

  5. Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).

  6. Type an organization value. This value is the O value in the certificate DN.

  7. You can configure one or more of the following optional values:

       

    1. Optional: Select a key size value. The default key size value is 1024 bits.

       

    2. Optional: Type an organizational unit value. This organizational unit value is the OU value in the certificate DN.

       

    3. Optional: Type a locality value. This locality value is the L value in the certificate DN.

       

    4. Optional: Type a state or providence value. This value is the ST value in the certificate DN.

       

    5. Optional: Type a zip code value. This zip code value is the POSTALCODE value in the certificate DN.

       

    6. Optional: Select a country value from the list. This country value is the C= value in the certificate request DN.

  8. Click Apply.

 

Results

You have created a self-signed certificate that resides in the keystore. The SSL configuration for the WAS runtime uses this certificate for SSL communication. Extract the signer of the self-signed certificate to add the signer to another keystore.

 

What to do next

To create a self-signed certificate by using the wsadmin tool, use the createSelfSignedCertificate command of the AdminTask object. For more information, see PersonalCertificateCommands command group for the AdminTask object.



Replacing an existing self-signed certificate

 

Related concepts


Secure Sockets Layer configurations
Keystore configurations
Default self-signed certificate configuration

 

Related Reference


PersonalCertificateCommands command group for the AdminTask object