Create a chained personal certificate in SSL

A chained personal certificate is a personal certificate that is created by using another personal certificate to sign it. This chaining allows a certificate to be signed with a certificate (a root certificate) that has a long life span. Root certificates are stored in the DmgrDefaultRootStore or NodeDefaultRootStore. The server’s default personal certificate is a chained certificate created when the profile is created. Chained certificates can also be created after profile creation You use the admin console to create a chained personal certificate.


  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click a <keystore name> to which you want to add the chained personal certificate.

  4. Under Additional Properties, click Personal certificates .

  5. Click the Create button and select Chained Certificate

    The listCertificates AdminTask can be used to generate the list of root certificates available to sign the certificate.

  6. Fill in the following information to the General Properties section as follows:

    • Supply an alias name.

    • Select Root certificate from the pull down list.
    • Key size

    • Common name

    • Validity period

    • Organization

    • Organization Unit

    • Locality

    • State/Province

    • Zip code

    • Country or region

  7. Click Apply then OK.



The certificate is created, signed by the root certificate specified, and stored in the keystore. Once a chained personal certificate is created, the certificate can be used by the runtime for SSL communication.


Next steps


Related tasks

Create an SSL configuration