Certificate management in SSL

Certificate management in SSL

Overview

We can manage certificate operations that involve personal certificates, signer certificates, and personal certificate requests on the console.

Types of certificates

WAS uses certificates residing in keystores to establish trust for an SSL connection. Click...
Security | SSL certificate and key management | Manage endpoint security configurations | Inbound | Outbound | SSL_configuration_name | Key store and certificates | keystore

After selecting a keystore, or selecting to create a new keystore, and depending on the type of certificate needed, choose one of the following types of certificates under Related Items:

Personal certificate
Signer certificate
Certificate Authority (CA) certificates
Personal certificate request

Type Functions Description
Personal Create a self-signed certificate Create a self-signed certificate and store it in a keystore.
List personal certificates List all the personal certificates in a keystore.
Get information about a personal certificate Get information about a personal certificate.
Delete a personal certificate Delete a personal certificate from a keystore.
Import a certificate Import a certificate from a keystore to a keystore.
Export a certificate Export a certificate from a keystore to another keystore.
Extract a certificate Extract the signer part of a personal certificate to a file.
Exchange signer certificates Exchange signer part of a personal certificate between key store.
Receive a certificate Read a certificate that comes from a certificate authority (CA) into a keystore.
Replace a certificate Replace all occurrences of a personal certificate alias in the WAS configuration with another certificate. Also, replace all occurrences of the personal certificates signer with the new personal certificate signer.
Create a chained certificate Create a chained certificate and stores it in a keystore.
Renew a certificate Renew a certificate with a new public/private key pair and stores it in a keystore.
Request a CA certificate Make a request to a CA using a CA client to obtain a CA certificate.
Certificate authority Create CA certificate Send a certificate request to an external certificate authority (CA).
Revoke CA certificate Send a revocation request to an external certificate authority (CA).
Signer certificates Add a signer certificate Add a signer certificate from a file to a keystore.
List signer certificates List all the signer certificates in a keystore.
Get information about a signer certificate Get information about a signer certificate.
Delete a signer certificate Delete a signer certificate from a keystore.
Extract a signer certificate Extract a signer certificate from a keystore, and store the certificate in a file.
Retrieve a signer from a port Retrieve a signer certificate from a port, and store it in a key store.
Certificate requests Create a certificate request Create a certificate request that can be sent to a CA.
List certificate requests List the certificate requests in a keystore.
Get information about a certificate request Get information about a certificate request.
Delete a certificate request Delete a certificate request from a keystore.
Extract a certificate request Extract a certificate request to a file.

Personal certificates

Function AdminTask object Administrative console
Create a self-signed certificate createSelfSignedCertificate Security | Secure Communications | Key store and certificates | key store | Create a Self-Signed Certificate
List personal certificates listPersonalCertificates Security | Secure Communications | Key store and certificates | key store | personal certificates
Get information about a personal certificate getPersonalCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | alias
Delete a personal certificate deletePersonalCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | delete
Import a certificate importCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | import
Export a certificate exportCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | export
Extract a certificate extractCertificate Security | Secure Communications | Key store and certificates | key store | personal certificates | extract
Exchange signer certificates exchangeSignerCertificates Security | Secure Communications | Key store and certificates | Exchange signers
Create a chained certificate createChainedCertificate Security | SSL certificate and key management | Key store and certificates | keystore name | Personal certificates. Click Create button and select Chained certificate
Renew a certificate renewChainedCertificate Security | SSL certificate and key management | Key store and certificates | keystore name | Personal certificates. Select a certificate. Click Renew button.
Create a chained Certificate createChainedCertificate Security | Secure communications | Key store and certificates | keystore | Create a chained certificate.
Request a CA certificate requestCACertificate Security | Secure communications | Key store and certificates | keystore | Request a CA certificate.:

Certificate authority (CA) certificates

Function AdminTask object Administrative console
Create a CA certificate createCACertificate Security | Secure Communications > Key store and certificates | key store | Personal certificates | Create | CA-signed certificate
Revoke a CA certificate revokeCACertificate Security | Secure Communications | Key store and certificates | key store | Personal certificates personal certificate | Revoke

Signer certificates

Function AdminTask object Administrative console
Add a signer certificate addSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | Add
List signer certificates listSignerCertificates Security | Secure communications | Key store and certificates | key store | signer certificates
Get information about a signer certificate getSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | alias
Delete a signer certificate deleteSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificate >delete
Extract a signer certificate to a file extractSignerCertificate Security | Secure communications | Key store and certificates | key store | signer certificates | extract
Retrieve a signer certificate from a port retrieveSignerFromPort Security | SSL certificate and key management | Key store and certificates | key store | signer certificates | retrieve from port

Personal certificate requests

Function AdminTask object Administrative console
Create a personal certificate request createCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate Requests | Add
List personal certificate requests listCertificateRequests Security | Secure communications | Key store and certificates | key store | Personal certificate requests
Get information about a personal certificate request getCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | alias
Delete a personal certificate request deleteCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | delete
Extract a personal certificate request to a file extractCertificateRequest Security | Secure communications | Key store and certificates | key store | Personal certificate requests | Extract

Command-line

To create a self-signed certificate in the current directory, with the same name as the server...

Create shell script getCert.sh with contents...
echo -n | openssl s_client -connect $1:$2 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./$1.cert

Execute for your server
./getCert.sh serverName portNumber

Creates certificate...
serverName.cert

Import that cert into your trust store, or the cacert file of your java env.

Related concepts
Certificate management using iKeyman prior to SSL
Create self-signed certificates

Type	Functions	Description
Personal	Create a self-signed certificate	Create a self-signed certificate and store it in a keystore.
	List personal certificates	List all the personal certificates in a keystore.
	Get information about a personal certificate	Get information about a personal certificate.
	Delete a personal certificate	Delete a personal certificate from a keystore.
	Import a certificate	Import a certificate from a keystore to a keystore.
	Export a certificate	Export a certificate from a keystore to another keystore.
	Extract a certificate	Extract the signer part of a personal certificate to a file.
	Exchange signer certificates	Exchange signer part of a personal certificate between key store.
	Receive a certificate	Read a certificate that comes from a certificate authority (CA) into a keystore.
	Replace a certificate	Replace all occurrences of a personal certificate alias in the WAS configuration with another certificate. Also, replace all occurrences of the personal certificates signer with the new personal certificate signer.
	Create a chained certificate	Create a chained certificate and stores it in a keystore.
	Renew a certificate	Renew a certificate with a new public/private key pair and stores it in a keystore.
	Request a CA certificate	Make a request to a CA using a CA client to obtain a CA certificate.
Certificate authority	Create CA certificate	Send a certificate request to an external certificate authority (CA).
Certificate authority	Revoke CA certificate	Send a revocation request to an external certificate authority (CA).
Signer certificates	Add a signer certificate	Add a signer certificate from a file to a keystore.
	List signer certificates	List all the signer certificates in a keystore.
	Get information about a signer certificate	Get information about a signer certificate.
	Delete a signer certificate	Delete a signer certificate from a keystore.
	Extract a signer certificate	Extract a signer certificate from a keystore, and store the certificate in a file.
	Retrieve a signer from a port	Retrieve a signer certificate from a port, and store it in a key store.
Certificate requests	Create a certificate request	Create a certificate request that can be sent to a CA.
	List certificate requests	List the certificate requests in a keystore.
	Get information about a certificate request	Get information about a certificate request.
	Delete a certificate request	Delete a certificate request from a keystore.
	Extract a certificate request	Extract a certificate request to a file.

Function	AdminTask object	Administrative console
Create a self-signed certificate	createSelfSignedCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| Create a Self-Signed Certificate
List personal certificates	listPersonalCertificates	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates
Get information about a personal certificate	getPersonalCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| alias
Delete a personal certificate	deletePersonalCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| delete
Import a certificate	importCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| import
Export a certificate	exportCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| export
Extract a certificate	extractCertificate	Security \| Secure Communications \| Key store and certificates \| key store \| personal certificates \| extract
Exchange signer certificates	exchangeSignerCertificates	Security \| Secure Communications \| Key store and certificates \| Exchange signers
Create a chained certificate	createChainedCertificate	Security \| SSL certificate and key management \| Key store and certificates \| keystore name \| Personal certificates. Click Create button and select Chained certificate
Renew a certificate	renewChainedCertificate	Security \| SSL certificate and key management \| Key store and certificates \| keystore name \| Personal certificates. Select a certificate. Click Renew button.
Create a chained Certificate	createChainedCertificate	Security \| Secure communications \| Key store and certificates \| keystore \| Create a chained certificate.
Request a CA certificate	requestCACertificate	Security \| Secure communications \| Key store and certificates \| keystore \| Request a CA certificate.:

Function	AdminTask object	Administrative console
Create a CA certificate	createCACertificate	Security \| Secure Communications > Key store and certificates \| key store \| Personal certificates \| Create \| CA-signed certificate
Revoke a CA certificate	revokeCACertificate	Security \| Secure Communications \| Key store and certificates \| key store \| Personal certificates personal certificate \| Revoke

Function	AdminTask object	Administrative console
Add a signer certificate	addSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| Add
List signer certificates	listSignerCertificates	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates
Get information about a signer certificate	getSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| alias
Delete a signer certificate	deleteSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificate >delete
Extract a signer certificate to a file	extractSignerCertificate	Security \| Secure communications \| Key store and certificates \| key store \| signer certificates \| extract
Retrieve a signer certificate from a port	retrieveSignerFromPort	Security \| SSL certificate and key management \| Key store and certificates \| key store \| signer certificates \| retrieve from port

Function	AdminTask object	Administrative console
Create a personal certificate request	createCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate Requests \| Add
List personal certificate requests	listCertificateRequests	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests
Get information about a personal certificate request	getCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests \| alias
Delete a personal certificate request	deleteCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests \| delete
Extract a personal certificate request to a file	extractCertificateRequest	Security \| Secure communications \| Key store and certificates \| key store \| Personal certificate requests \| Extract