List of trusted certificate authorities on the IBM HTTP Server
Associate our public key with a digitally signed certificate from a certificate authority (CA) that is designated as a trusted root CA on your server. We can buy a signed certificate by submitting a certificate request to a certificate authority provider. The default certificate request file name is certreq.arm. The certificate request file is a PKCS 10 file, in Base64-encoded format.
We can create a new.kdb keystore file and view the list of designated trusted certificate authorities (CAs). If we are using a personal certificate and the signer is not in the list, we must obtain a signer certificate from the associated trusted certificate authority. IBM HTTP Server supports the following certificate authority (CA) software:
- Any X.509-compliant certificate authority
- Entrust
- Netscape Certificate Server
- Tivoli PKI
- XCert
Related concepts
SSL certificate revocation list
Related tasks
Choosing the type of client authentication protection
![[AIX Solaris HP-UX Linux Windows]](dist.gif)