Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure communications


Create a certificate authority request

To ensure SSL communication, servers require a personal certificate that is either self-signed, chained or signed by an external certificate authority (CA). We must first create a personal certificate request to obtain a certificate that is signed by a CA. The keystore that contains a personal certificate request must already exist.

Alternative Method: To create a certificate request by using wsadmin, use the createCertificateRequest command of the AdminTask object. See the CertificateRequestCommands command group of the AdminTask object article. Complete the following steps in the admin console:


Procedure

  1. Click Security > SSL certificate and key management > Key stores and certificates > keystore.

  2. Click Personal certificate requests > New.

  3. Type the full path of the certificate request file. The certificate request is created in this location.
  4. Type an alias name in the Key label field. The alias identifies the certificate request in the keystore.
  5. Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).
  6. We can configure one or more of the following optional values:

    1. Optional: Select a key size value. The valid key size values are 512, 1024, 2048, 4096, and 8192. The default key size value is 2048 bits.

    2. Optional: Type an organization value. This value is the O value in the certificate DN.

    3. Optional: Type an organizational unit value. This organizational unit value is the OU value in the certificate DN.

    4. Optional: Type a locality value. This locality value is the L value in the certificate DN.

    5. Optional: Type a state or providence value. This value is the ST value in the certificate DN.

    6. Optional: Type a zip code value. The zip code value is the POSTALCODE value in the certificate DN.

    7. Optional: Select a country value from the list. This country value is the C= value in the certificate request DN.

  7. Click Apply.


Results

The certificate request is created in the specified file location in the keystore. The request functions as a temporary placeholder for the signed certificate until you manually receive the certificate in the keystore.

Key store tools (such as iKeyman and keyTool) cannot receive signed certificates that are generated by certificate requests from WAS. Similarly, WAS cannot accept certificates that are generated by certificate requests from other keystore utilities.


What to do next

Now you can receive the CA-signed certificate into the keystore to complete the process of generating a signed certificate for your server.


Related


Certificate request settings
Personal certificates collection
Self-signed certificates settings
Personal certificate requests collection
Personal certificate requests settings
Extract certificate request
Receive a certificate issued by a certificate authority
Replace a certificate
SSL configurations
Keystore configurations for SSL


Related


CertificateRequestCommands command group of the AdminTask object

+

Search Tips   |   Advanced Search