Create a CA certificate in SSL
A certificate authority (CA) can create a certificate when a CAClient object is configured to connect to that CA. Certificates created this way are tracked in the security configuration in an object called CACertificate: the certificate is stored in a keystore, and a CACertificate object is added to the configuration to reference the certificate. CA certificates are personal certificates.
Before you begin, create a CA client to connect to the CA server. You then use the admin console to create a CA certificate.
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click the <keystore name> to which you want to add the new CA certificate.
- Under Additional Properties, click Personal certificates to create a new CA certificate in the configuration.
  You can also create a CA certificate by using the requestCACertificate AdminTask.
- Click the Create button and select CA-signed Certificate.
- Fill in the following information in the CA certificate section:
  - Revocation password.
  - Confirm password.
  - Select the CA client from the pull-down list.
    You can create a new CA client to apply to this CA authority by clicking the New button.
- Fill in the following information in the Request Specification section:
  - Select the radio button for a predefined request alias if a certificate request is already created.
  - If you do not have a predefined certificate request alias, fill in the following fields:
    - Type an alias name in the Alias field. The alias identifies the certificate request in the keystore.
    - Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).
    - Optional: Type an organization value. This value is the O value in the certificate DN.
    - Optional: Select a key size value. The default key size value is 1024 bits.
    - Optional: Type the State or Province value. This value is the ST value in the certificate DN.
    - Optional: Type a zip code value. The zip code value is the POSTALCODE value in the certificate DN.
    - Optional: Select a country or region value from the list. This country value is the C= value in the certificate request DN.
- Click Apply, then OK.
Results
The certificate is stored in the keystore selected in the path to this panel, and a CACertificate configuration object is created. Once a CA certificate is created, the runtime can use it for SSL communication.
An existing certificate request can be used to create the CA certificate or a new certificate request can be created. This panel uses the requestCAClient AdminTask to create the CA certificate.
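A pre-flight check for the Request Specification fields described above, as an added example (not IBM's code and not part of the original page): it assembles the DN from the panel fields with RFC 4514 escaping and flags a key size left at the 1024-bit default. The function names, the 2048-bit floor and the attribute order in the DN are assumptions.

```python
# Added example: hypothetical helper names, not WebSphere APIs.
MIN_KEY_BITS = 2048  # assumed policy floor; the panel defaults to 1024 bits

# Panel field -> DN attribute, as listed in the steps above.
# The attribute order in the DN string is an assumption.
DN_FIELDS = (
    ("common_name", "CN"),
    ("organization", "O"),
    ("state", "ST"),
    ("zip_code", "POSTALCODE"),
    ("country", "C"),
)


def escape_dn_value(value):
    """Escape a DN attribute value using the RFC 4514 string rules."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def check_request(spec):
    """Return (dn, problems) for a dict of Request Specification values."""
    problems = []
    if not spec.get("alias", "").strip():
        problems.append("alias is required")
    if not spec.get("common_name", "").strip():
        problems.append("common name (CN) is required")
    key_size = spec.get("key_size", 1024)  # unset means the 1024-bit default
    if key_size < MIN_KEY_BITS:
        problems.append("key size %d is below %d bits" % (key_size, MIN_KEY_BITS))
    parts = []
    for field, attr in DN_FIELDS:
        value = spec.get(field, "")
        if any(ord(c) < 32 for c in value):
            problems.append("%s contains control characters" % field)
        elif value:
            parts.append("%s=%s" % (attr, escape_dn_value(value)))
    return ",".join(parts), problems
```

An empty `problems` list means the request passes these checks; the returned DN string shows how a comma or other special character in a field value is carried in the subject name.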
Create certificate authority (CA) personal certificates using wsadmin
Create an SSL configuration