WAS v8.5 > Secure applications > Secure communications > Secure communications using SSL

Certificate management using iKeyman prior to SSL

Starting in WebSphere Application Server v6.1, we can manage your certificates from the dmgr console. When using versions of WAS prior to v6.1, use iKeyman for certificate management. iKeyman is a key management utility.

WAS certificate management requires defined the keystores in your WAS configuration. With iKeyman, you need access to the keystore file only. We can read a keystore file with personal certificates and signers that is created in iKeyman. A keystore file can be read into the WAS configuration using the createKeyStore command.

The majority of certificate management functions are the same between WAS and iKeyman, especially for personal certificates and signer certificates. However, certificate requests are special. The underlying behavior is different in the two certificate management schemes. Because of the different behavior, when a certificate request is generated from iKeyman, the process must be completed in iKeyman. For example, a certificate generated by a certificate request that originated in iKeyman must be received in iKeyman as well.

The same is true for WAS. For example, when a certificate is generated from a certificate request that originated in WAS, the certificate must be received in WAS.

We can perform the following certificate operations using iKeyman:

Available certificate operations using iKeyman. This table describes the available certificate operations using iKeyman.

Types of certificates Functions Description
Personal certificates Create a self-signed certificate Creates a self-signed certificate and stores it in a keystore.
  List personal certificates Lists all the personal certificates in a keystore.
  Get information about a personal certificate Gets information about a personal certificate.
  Delete a personal certificate Deletes a personal certificate from a keystore.
  Import a certificate Imports a certificate from a keystore to a keystore.
  Export a certificate Exports a certificate from a keystore to another keystore.
  Extract a certificate Extracts the signer part of a personal certificate to a file.
  Receive a certificate Reads a certificate that comes from a certificate authority (CA) into a keystore.
Signer certificates Add a signer certificate Adds a signer certificate from a file to a keystore.
  List signer certificates Lists all the signer certificates in a keystore.
  Get information about a signer certificate Gets information about a signer certificate.
  Delete a signer certificate Deletes a signer certificate from a keystore.
  Extract a signer certificate Extracts a signer certificate from a keystore, and stores the certificate in a file.
Certificate requests Create a certificate request Creates a certificate request that can be sent to a CA.
  List certificate requests Lists the certificate requests in a keystore.
  Get information about a certificate request Gets information about a certificate request.
  Delete a certificate request Deletes a certificate request from a keystore.
  Extract a certificate request Extracts a certificate request to a file.


Related concepts:

Certificate management in SSL


Related


Create a keystore configuration for a preexisting keystore file


+

Search Tips   |   Advanced Search