Certificate management in SSL

Certificate management in SSL

+
Search Tips | Advanced Search

WAS uses certificates in keystores to establish trust for an SSL connection. We can use the console to manage certificate operations, including...

Personal certificates
Signer certificates
Personal certificate requests

Go to...

Security | SSL certificate and key management | Manage endpoint security configurations | Inbound | Outbound | SSL_configuration_nams | Key stores and certificates | keystore

Certificate types

Type Function
Personal certificates Create a self-signed certificate and store in a keystore.
List all the personal certificates in a keystore.
Get information about a personal certificate.
Delete a personal certificate from a keystore.
Import a certificate from a keystore to a keystore.
Export a certificate from a keystore to another keystore.
Extract the signer part of a personal certificate to a file.
Exchange signer part of a personal certificate between key store.
Read a certificate that comes from a certificate authority into a keystore.
Replace all occurrences of a personal certificate alias in the WAS configuration with another certificate. Also, replace all occurrences of the personal certificates signer with the new personal certificate signer.
Create a chained certificate and stores it in a keystore.
Renew a certificate with a new public/private key pair and stores it in a keystore.
Certificate authority (CA) certificates Send a certificate request to an external certificate authority.
Send a revocation request to an external certificate authority.
Signer certificates Add a signer certificate from a file to a keystore.
List all the signer certificates in a keystore.
Get information about a signer certificate.
Delete a signer certificate from a keystore.
Extract a signer certificate from a keystore, and store the certificate in a file.
Retrieve a signer certificate from a port, and store in a key store.
Certificate requests Create a certificate request that can be sent to a CA.
List the certificate requests in a keystore.
Gets information about a certificate request.
Deletes a certificate request from a keystore.
Extracts a certificate request to a file.

Personal certificates

Function AdminTask object Administrative console
Create a self-signed certificate createSelfSignedCertificate Security | Secure Communications | Key store and certificates | key store | Create a Self-Signed Certificate
List personal certificates listPersonalCertificates Security | Secure Communications | Key store and certificates | key store | personal certificates
Get information about a personal certificate getPersonalCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | alias
Delete a personal certificate deletePersonalCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | delete
Import a certificate importCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | import
Export a certificate exportCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | export
Extract a certificate extractCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | extract
Exchange signer certificates exchangeSignerCertificates Security | Secure Communications | Key store and certificates | Exchange signers
Create a chained certificate createChainedCertificate Security | SSL certificate and key management | Key store and certificates | keystore name | Personal certificates. Click Create button and select Chained certificate
Renew a certificate renewChainedCertificate Security | SSL certificate and key management | Key store and certificates | keystore name | Personal certificates. Select a certificate. Click Renew button.

Certificate authority (CA) certificates

The following table lists the operations that we can perform on CA certificates, the AdminTask object that we can use to perform that operation, and how to navigate to the certificate on the console:

Function AdminTask object Administrative console
Create a CA certificate createCACertificate Security | Secure Communications | Key store and certificates | key store | Personal certificates | Create | CA-signed certificate
Revoke a CA certificate revokeCACertificate Security | Secure Communications | Key store and certificates | key store | Personal certificates personal certificate | Revoke

Signer certificates

The following table lists the operations that we can perform with signer certificates, the AdminTask object that we can use to perform the operation, and how to navigate to the certificate on the console:

Function AdminTask object Administrative console
Add a signer certificate addSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | Add
List signer certificates listSignerCertificates Security | Secure communications | Key store and certificates | key store | signer certificates
Get information about a signer certificate getSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | alias
Delete a signer certificate deleteSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificate |delete
Extract a signer certificate to a file extractSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | extract
Retrieve a signer certificate from a port retrieveSignerFromPort Security | Secure communications | Key store and certificates | key store | signer certificates | retrieve from port

Personal certificate requests

The following table lists the operations that we can perform on personal certificate requests, the AdminTask object that we can use to perform that operation, and how to navigate to the certificate request on the console:

Function AdminTask object Administrative console
Create a personal certificate request createCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate Requests | Add
List personal certificate requests listCertificateRequests Security | Secure communications | Key store and certificates | key store | Personal certificate requests
Get information about a personal certificate request getCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | alias
Delete a personal certificate request deleteCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | delete
Extract a personal certificate request to a file extractCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | Extract

Related concepts
Certificate management using iKeyman

Related tasks
Create self-signed certificates using scripting

Type	Function
Personal certificates	Create a self-signed certificate and store in a keystore.
	List all the personal certificates in a keystore.
	Get information about a personal certificate.
	Delete a personal certificate from a keystore.
	Import a certificate from a keystore to a keystore.
	Export a certificate from a keystore to another keystore.
	Extract the signer part of a personal certificate to a file.
	Exchange signer part of a personal certificate between key store.
	Read a certificate that comes from a certificate authority into a keystore.
	Replace all occurrences of a personal certificate alias in the WAS configuration with another certificate. Also, replace all occurrences of the personal certificates signer with the new personal certificate signer.
	Create a chained certificate and stores it in a keystore.
	Renew a certificate with a new public/private key pair and stores it in a keystore.
Certificate authority (CA) certificates	Send a certificate request to an external certificate authority.
Certificate authority (CA) certificates	Send a revocation request to an external certificate authority.
Signer certificates	Add a signer certificate from a file to a keystore.
	List all the signer certificates in a keystore.
	Get information about a signer certificate.
	Delete a signer certificate from a keystore.
	Extract a signer certificate from a keystore, and store the certificate in a file.
	Retrieve a signer certificate from a port, and store in a key store.
Certificate requests	Create a certificate request that can be sent to a CA.
	List the certificate requests in a keystore.
	Gets information about a certificate request.
	Deletes a certificate request from a keystore.
	Extracts a certificate request to a file.

Function	AdminTask object	Administrative console
Create a self-signed certificate	createSelfSignedCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| Create a Self-Signed Certificate
List personal certificates	listPersonalCertificates	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates
Get information about a personal certificate	getPersonalCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| alias
Delete a personal certificate	deletePersonalCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| delete
Import a certificate	importCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| import
Export a certificate	exportCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| export
Extract a certificate	extractCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| extract
Exchange signer certificates	exchangeSignerCertificates	Security \| Secure Communications \| Key store and certificates \| Exchange signers
Create a chained certificate	createChainedCertificate	Security \| SSL certificate and key management \| Key store and certificates \| keystore name \| Personal certificates. Click Create button and select Chained certificate
Renew a certificate	renewChainedCertificate	Security \| SSL certificate and key management \| Key store and certificates \| keystore name \| Personal certificates. Select a certificate. Click Renew button.

Function	AdminTask object	Administrative console
Create a CA certificate	createCACertificate	Security \| Secure Communications \| Key store and certificates \| key store \| Personal certificates \| Create \| CA-signed certificate
Revoke a CA certificate	revokeCACertificate	Security \| Secure Communications \| Key store and certificates \| key store \| Personal certificates personal certificate \| Revoke

Function	AdminTask object	Administrative console
Add a signer certificate	addSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| Add
List signer certificates	listSignerCertificates	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates
Get information about a signer certificate	getSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| alias
Delete a signer certificate	deleteSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificate \|delete
Extract a signer certificate to a file	extractSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| extract
Retrieve a signer certificate from a port	retrieveSignerFromPort	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| retrieve from port

Function	AdminTask object	Administrative console
Create a personal certificate request	createCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate Requests \| Add
List personal certificate requests	listCertificateRequests	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests
Get information about a personal certificate request	getCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests \| alias
Delete a personal certificate request	deleteCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests \| delete
Extract a personal certificate request to a file	extractCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests \| Extract