+

Search Tips   |   Advanced Search

Certificate management in SSL


Overview

We can manage certificate operations that involve personal certificates, signer certificates, and personal certificate requests on the console.


Types of certificates

WAS uses certificates residing in keystores to establish trust for an SSL connection. Click...

After selecting a keystore, or selecting to create a new keystore, and depending on the type of certificate needed, choose one of the following types of certificates under Related Items:

Type Functions Description
Personal Create a self-signed certificate Create a self-signed certificate and store it in a keystore.
List personal certificates List all the personal certificates in a keystore.
Get information about a personal certificate Get information about a personal certificate.
Delete a personal certificate Delete a personal certificate from a keystore.
Import a certificate Import a certificate from a keystore to a keystore.
Export a certificate Export a certificate from a keystore to another keystore.
Extract a certificate Extract the signer part of a personal certificate to a file.
Exchange signer certificates Exchange signer part of a personal certificate between key store.
Receive a certificate Read a certificate that comes from a certificate authority (CA) into a keystore.
Replace a certificate Replace all occurrences of a personal certificate alias in the WAS configuration with another certificate. Also, replace all occurrences of the personal certificates signer with the new personal certificate signer.
Create a chained certificate Create a chained certificate and stores it in a keystore.
Renew a certificate Renew a certificate with a new public/private key pair and stores it in a keystore.
Request a CA certificate Make a request to a CA using a CA client to obtain a CA certificate.
Certificate authority Create CA certificate Send a certificate request to an external certificate authority (CA).
Revoke CA certificate Send a revocation request to an external certificate authority (CA).
Signer certificates Add a signer certificate Add a signer certificate from a file to a keystore.
List signer certificates List all the signer certificates in a keystore.
Get information about a signer certificate Get information about a signer certificate.
Delete a signer certificate Delete a signer certificate from a keystore.
Extract a signer certificate Extract a signer certificate from a keystore, and store the certificate in a file.
Retrieve a signer from a port Retrieve a signer certificate from a port, and store it in a key store.
Certificate requests Create a certificate request Create a certificate request that can be sent to a CA.
List certificate requests List the certificate requests in a keystore.
Get information about a certificate request Get information about a certificate request.
Delete a certificate request Delete a certificate request from a keystore.
Extract a certificate request Extract a certificate request to a file.


Personal certificates

Function AdminTask object Administrative console
Create a self-signed certificate createSelfSignedCertificate Security | Secure Communications | Key store and certificates | key store | Create a Self-Signed Certificate
List personal certificates listPersonalCertificates Security | Secure Communications | Key store and certificates | key store | personal certificates
Get information about a personal certificate getPersonalCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | alias
Delete a personal certificate deletePersonalCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | delete
Import a certificate importCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | import
Export a certificate exportCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | export
Extract a certificate extractCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | extract
Exchange signer certificates exchangeSignerCertificates Security | Secure Communications | Key store and certificates | Exchange signers
Create a chained certificate createChainedCertificate Security | SSL certificate and key management | Key store and certificates | keystore name | Personal certificates. Click Create button and select Chained certificate
Renew a certificate renewChainedCertificate Security | SSL certificate and key management | Key store and certificates | keystore name | Personal certificates. Select a certificate. Click Renew button.
Create a chained Certificate createChainedCertificate Security | Secure communications | Key store and certificates | keystore | Create a chained certificate.
Request a CA certificate requestCACertificate Security | Secure communications | Key store and certificates | keystore | Request a CA certificate.:


Certificate authority (CA) certificates

Function AdminTask object Administrative console
Create a CA certificate createCACertificate Security | Secure Communications > Key store and certificates | key store | Personal certificates | Create | CA-signed certificate
Revoke a CA certificate revokeCACertificate Security | Secure Communications | Key store and certificates | key store | Personal certificates personal certificate | Revoke


Signer certificates

Function AdminTask object Administrative console
Add a signer certificate addSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | Add
List signer certificates listSignerCertificates Security | Secure communications | Key store and certificates | key store | signer certificates
Get information about a signer certificate getSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | alias
Delete a signer certificate deleteSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificate >delete
Extract a signer certificate to a file extractSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | extract
Retrieve a signer certificate from a port retrieveSignerFromPort Security | SSL certificate and key management | Key store and certificates | key store | signer certificates | retrieve from port


Personal certificate requests

Function AdminTask object Administrative console
Create a personal certificate request createCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate Requests | Add
List personal certificate requests listCertificateRequests Security | Secure communications | Key store and certificates | key store | Personal certificate requests
Get information about a personal certificate request getCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | alias
Delete a personal certificate request deleteCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | delete
Extract a personal certificate request to a file extractCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | Extract


Command-line

To create a self-signed certificate in the current directory, with the same name as the server...

  1. Create shell script getCert.sh with contents...

      echo -n | openssl s_client -connect $1:$2 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./$1.cert

  2. Execute for your server

      ./getCert.sh serverName portNumber

    Creates certificate...

      serverName.cert

  3. Import that cert into your trust store, or the cacert file of your java env.


Related concepts

Certificate management using iKeyman prior to SSL
  • Create self-signed certificates