Create a CA certificate in SSL


A certificate authority (CA) can create a certificate when a CAClient object is configured to connect to that CA. Certificates created this way are tracked in the security configuration in an object called CACertificate: the certificate is stored in a keystore, and a CACertificate object is added to the configuration to reference it. CA certificates are personal certificates.

Before you begin, create a CA client to connect to the CA server. You then use the admin console to create a CA certificate.

 

  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click the <keystore name> to which you want to add the new CA certificate.

  4. Under Additional Properties, click Personal certificates to create a new CA certificate in the configuration.

    You can also create a CA certificate by using the requestCACertificate AdminTask.

  5. Click the Create button and select CA-signed Certificate.

  6. Fill in the following information in the CA certificate section.

    • Revocation password

    • Confirm password

    • Select the CA client from the pull-down list.

      You can create a new CA client to apply to this CA authority by clicking the New button.

    • Fill in the following information in the Request Specification section:

      • Select the radio button for a predefined request alias if a certificate request is already created.

      • If you do not have a predefined certificate request alias, fill in the following fields:

        1. Type an alias name in the Alias field. The alias identifies the certificate request in the keystore.

        2. Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).

        3. Optional: Type an organization value. This value is the O value in the certificate DN.

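        4. Optional: Select a key size value. The default key size value is 1024 bits, which is below the 2048-bit minimum that current guidance sets for RSA keys, so select a larger value where the CA supports it.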

        5. Optional: Type a locality value. This value is the L value in the certificate DN.

        6. Optional: Type the State or Province value. This value is the ST value in the certificate DN.

        7. Optional: Type a zip code value. The zip code value is the POSTALCODE value in the certificate DN.

        8. Optional: Select a country or region value from the list. This value is the C value in the certificate request DN.

  7. Click Apply, then OK.

 

Results

The certificate is stored in the keystore selected in the path to this panel and a CACertificate configuration object is created. Once a CA certificate is created, the runtime can use it for SSL communication.

An existing certificate request can be used to create the CA certificate or a new certificate request can be created. This panel uses the requestCACertificate AdminTask to create the CA certificate.
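
The same request can be scripted through the requestCACertificate AdminTask named in step 4. The wsadmin Jython script below is an added example, not code from the original page or the product; it uses the command's documented parameter names, and the keystore, CA client, alias, DN values and environment variable name are placeholders. The 2048-bit minimum is a policy chosen for this example.

```python
# Added example; run with: wsadmin -lang jython -f request_ca_cert.py
# Keystore, CA client, alias, DN values and the env variable are placeholders.
MIN_KEY_BITS = 2048  # example policy: do not accept the 1024-bit default

# Request Specification fields -> requestCACertificate parameters
DN_PARAMS = [
    ("common_name", "-certificateCommonName"),
    ("organization", "-certificateOrganization"),
    ("locality", "-certificateLocality"),
    ("state", "-certificateState"),
    ("zip", "-certificateZip"),
    ("country", "-certificateCountry"),
]

def build_request_args(keystore, ca_client, alias, revocation_password, spec=None):
    """Argument list for requestCACertificate; spec=None reuses an existing request alias."""
    if not revocation_password:
        raise ValueError("a revocation password is required")
    args = ["-keyStoreName", keystore, "-caClientName", ca_client,
            "-certificateAlias", alias,
            "-revocationPassword", revocation_password]
    if spec is not None:
        if not spec.get("common_name"):
            raise ValueError("a new certificate request needs a common name")
        size = int(spec.get("key_size", MIN_KEY_BITS))
        if size < MIN_KEY_BITS:
            raise ValueError("key size %d is below %d bits" % (size, MIN_KEY_BITS))
        args.extend(["-certificateSize", str(size)])
        for field, param in DN_PARAMS:
            if spec.get(field):
                args.extend([param, spec[field]])
    return args

try:
    AdminTask  # defined only inside wsadmin
except NameError:
    AdminTask = None

if AdminTask is not None:
    from java.lang import System  # available under Jython
    spec = {"common_name": "app01.example.com", "organization": "Example Org",
            "country": "US", "key_size": 2048}
    args = build_request_args("CellDefaultKeyStore", "myCAClient", "app01Cert",
                              System.getenv("CA_REVOCATION_PASSWORD"), spec)
    print(AdminTask.requestCACertificate(args))
    AdminConfig.save()  # persist the new CACertificate object
```

Passing the parameters as a list avoids quoting problems when a DN value contains spaces, and reading the revocation password from the environment keeps it out of the script file.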

 

Related tasks


Create certificate authority (CA) personal certificates using wsadmin
Create an SSL configuration