Certificate management in SSL
Overview
We can manage certificate operations that involve personal certificates, signer certificates, and personal certificate requests on the console.
Types of certificates
WAS uses certificates residing in keystores to establish trust for an SSL connection. Click...
Security | SSL certificate and key management | Manage endpoint security configurations | Inbound | Outbound | SSL_configuration_name | Key store and certificates | keystore
After selecting a keystore, or selecting to create a new keystore, and depending on the type of certificate needed, choose one of the following types of certificates under Related Items:
- Personal certificate
- Signer certificate
- Certificate Authority (CA) certificates
- Personal certificate request
| Type | Function | Description |
|---|---|---|
| Personal | Create a self-signed certificate | Create a self-signed certificate and store it in a keystore. |
| | List personal certificates | List all the personal certificates in a keystore. |
| | Get information about a personal certificate | Get information about a personal certificate. |
| | Delete a personal certificate | Delete a personal certificate from a keystore. |
| | Import a certificate | Import a certificate from a keystore to a keystore. |
| | Export a certificate | Export a certificate from a keystore to another keystore. |
| | Extract a certificate | Extract the signer part of a personal certificate to a file. |
| | Exchange signer certificates | Exchange the signer part of a personal certificate between keystores. |
| | Receive a certificate | Read a certificate that comes from a certificate authority (CA) into a keystore. |
| | Replace a certificate | Replace all occurrences of a personal certificate alias in the WAS configuration with another certificate. Also, replace all occurrences of the personal certificate's signer with the new personal certificate's signer. |
| | Create a chained certificate | Create a chained certificate and store it in a keystore. |
| | Renew a certificate | Renew a certificate with a new public/private key pair and store it in a keystore. |
| | Request a CA certificate | Make a request to a CA using a CA client to obtain a CA certificate. |
| Certificate authority | Create CA certificate | Send a certificate request to an external certificate authority (CA). |
| | Revoke CA certificate | Send a revocation request to an external certificate authority (CA). |
| Signer certificates | Add a signer certificate | Add a signer certificate from a file to a keystore. |
| | List signer certificates | List all the signer certificates in a keystore. |
| | Get information about a signer certificate | Get information about a signer certificate. |
| | Delete a signer certificate | Delete a signer certificate from a keystore. |
| | Extract a signer certificate | Extract a signer certificate from a keystore, and store the certificate in a file. |
| | Retrieve a signer from a port | Retrieve a signer certificate from a port, and store it in a keystore. |
| Certificate requests | Create a certificate request | Create a certificate request that can be sent to a CA. |
| | List certificate requests | List the certificate requests in a keystore. |
| | Get information about a certificate request | Get information about a certificate request. |
| | Delete a certificate request | Delete a certificate request from a keystore. |
| | Extract a certificate request | Extract a certificate request to a file. |
Personal certificates
| Function | AdminTask object | Administrative console |
|---|---|---|
| Create a self-signed certificate | createSelfSignedCertificate | Security > Secure Communications > Key store and certificates > key store > Create a Self-Signed Certificate |
| List personal certificates | listPersonalCertificates | Security > Secure Communications > Key store and certificates > key store > personal certificates |
| Get information about a personal certificate | getPersonalCertificate | Security > Secure Communications > Key store and certificates > key store > personal certificates > alias |
| Delete a personal certificate | deletePersonalCertificate | Security > Secure Communications > Key store and certificates > key store > personal certificates > delete |
| Import a certificate | importCertificate | Security > Secure Communications > Key store and certificates > key store > personal certificates > import |
| Export a certificate | exportCertificate | Security > Secure Communications > Key store and certificates > key store > personal certificates > export |
| Extract a certificate | extractCertificate | Security > Secure Communications > Key store and certificates > key store > personal certificates > extract |
| Exchange signer certificates | exchangeSignerCertificates | Security > Secure Communications > Key store and certificates > Exchange signers |
| Create a chained certificate | createChainedCertificate | Security > SSL certificate and key management > Key store and certificates > keystore name > Personal certificates. Click Create button and select Chained certificate |
| Renew a certificate | renewChainedCertificate | Security > SSL certificate and key management > Key store and certificates > keystore name > Personal certificates. Select a certificate. Click Renew button. |
| Create a chained Certificate | createChainedCertificate | Security > Secure communications > Key store and certificates > keystore > Create a chained certificate. |
| Request a CA certificate | requestCACertificate | Security > Secure communications > Key store and certificates > keystore > Request a CA certificate. |
Certificate authority (CA) certificates
| Function | AdminTask object | Administrative console |
|---|---|---|
| Create a CA certificate | createCACertificate | Security > Secure Communications > Key store and certificates > key store > Personal certificates > Create > CA-signed certificate |
| Revoke a CA certificate | revokeCACertificate | Security > Secure Communications > Key store and certificates > key store > Personal certificates > personal certificate > Revoke |
Signer certificates
| Function | AdminTask object | Administrative console |
|---|---|---|
| Add a signer certificate | addSignerCertificate | Security > Secure communications > Key store and certificates > key store > signer certificates > Add |
| List signer certificates | listSignerCertificates | Security > Secure communications > Key store and certificates > key store > signer certificates |
| Get information about a signer certificate | getSignerCertificate | Security > Secure communications > Key store and certificates > key store > signer certificates > alias |
| Delete a signer certificate | deleteSignerCertificate | Security > Secure communications > Key store and certificates > key store > signer certificate > delete |
| Extract a signer certificate to a file | extractSignerCertificate | Security > Secure communications > Key store and certificates > key store > signer certificates > extract |
| Retrieve a signer certificate from a port | retrieveSignerFromPort | Security > SSL certificate and key management > Key store and certificates > key store > signer certificates > retrieve from port |
Personal certificate requests
| Function | AdminTask object | Administrative console |
|---|---|---|
| Create a personal certificate request | createCertificateRequest | Security > Secure communications > Key store and certificates > key store > Personal certificate Requests > Add |
| List personal certificate requests | listCertificateRequests | Security > Secure communications > Key store and certificates > key store > Personal certificate requests |
| Get information about a personal certificate request | getCertificateRequest | Security > Secure communications > Key store and certificates > key store > Personal certificate requests > alias |
| Delete a personal certificate request | deleteCertificateRequest | Security > Secure communications > Key store and certificates > key store > Personal certificate requests > delete |
| Extract a personal certificate request to a file | extractCertificateRequest | Security > Secure communications > Key store and certificates > key store > Personal certificate requests > Extract |
Command-line
To save the certificate that a server presents on an SSL port to a file in the current directory, with the same name as the server...
- Create shell script getCert.sh with contents...
    echo -n | openssl s_client -connect "$1:$2" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "./$1.cert"
- Execute for your server
    ./getCert.sh serverName portNumber
  Creates certificate...
    serverName.cert
- Import that cert into your trust store, or the cacerts file of your Java environment.
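The procedure above trusts whatever certificate the port returns, and writes an empty file if the connection fails. As an added example (not part of the original page), this variant writes the file only when the certificate's SHA-256 fingerprint matches a value obtained out of band from the server's administrator; the script name getCertPinned.sh and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: ./getCertPinned.sh serverName portNumber expectedSha256Fingerprint

# Keep only the first PEM block (the server's own certificate) from s_client output.
extract_first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1}
         on {print}
         /-----END CERTIFICATE-----/ {if (on) exit}'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or a bare hex string to lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only when both fingerprints are non-empty and equal after normalizing.
pin_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

main() {
    host=$1; port=$2; expected=$3
    pem=$(openssl s_client -connect "$host:$port" -servername "$host" \
              </dev/null 2>/dev/null | extract_first_pem)
    if [ -z "$pem" ]; then
        echo "no certificate received from $host:$port" >&2
        return 1
    fi
    actual=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256)
    if ! pin_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $host: got $actual" >&2
        return 1
    fi
    # Only a verified certificate reaches the file that will be imported.
    printf '%s\n' "$pem" > "./$host.cert"
    echo "verified, wrote ./$host.cert"
}

# Run only when called with all three arguments, so the functions can be sourced.
if [ "$#" -ge 3 ]; then main "$@"; fi
```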