WAS v8.5: Create a self-signed certificate
WAS uses certificates at runtime during the handshake protocol. Self-signed certificates are located in the default keystore.
You must create a keystore before creating a self-signed certificate.
Alternative Method: To create a self-signed certificate using wsadmin, use the createSelfSignedCertificate command of AdminTask. For more information, see the PersonalCertificateCommands command group for AdminTask article.
Complete the following steps in the dmgr console:
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates > [keystore]. Under Additional Properties, click Personal certificates > Create a self-signed certificate.
- Type a certificate alias name.
The alias identifies the certificate in the keystore.
- Type a common name (CN) value.
This value is the CN value in the certificate distinguished name (DN).
- Type the validity period.
The default validity period value is 365 days.
- You can configure one or more of the following optional values:
  - Optional: Select a key size value.
    The default key size value is 2048 bits.
  - Optional: Type an organization value.
    This value is the O value in the certificate DN.
  - Optional: Type an organizational unit value.
    This organizational unit value is the OU value in the certificate DN.
  - Optional: Type a locality value.
    This locality value is the L value in the certificate DN.
  - Optional: Type a state or province value.
    This value is the ST value in the certificate DN.
  - Optional: Type a zip code value.
    This zip code value is the POSTALCODE value in the certificate DN.
  - Optional: Select a country value from the list.
    This country value is the C value in the certificate DN.
- Click Apply.
Results
You have created a self-signed certificate that resides in the keystore. The SSL configuration for the WAS runtime uses this certificate for SSL communication. Extract the signer of the self-signed certificate to add the signer to another keystore.
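The wsadmin alternative mentioned above, as an added example (not IBM's code): it maps the console fields from the steps to the parameters of AdminTask.createSelfSignedCertificate, applies the defaults stated on this page, and runs the command only when executed inside wsadmin -lang jython. The field names, the helper names and the 2048-bit floor are assumptions of this example.

```python
# Added example, not IBM code. Console field -> AdminTask parameter name.
FIELD_TO_PARAM = [
    ("alias", "-certificateAlias"),
    ("common_name", "-certificateCommonName"),
    ("valid_days", "-certificateValidDays"),
    ("key_size", "-certificateSize"),
    ("organization", "-certificateOrganization"),
    ("organizational_unit", "-certificateOrganizationalUnit"),
    ("locality", "-certificateLocality"),
    ("state", "-certificateState"),
    ("zip_code", "-certificateZip"),
    ("country", "-certificateCountry"),
]
DEFAULTS = {"valid_days": 365, "key_size": 2048}  # defaults stated on this page
MIN_KEY_SIZE = 2048  # assumption: a local policy floor, not a WAS rule


def build_args(key_store_name, fields):
    """Validate the fields and return the AdminTask argument list."""
    merged = DEFAULTS.copy()
    merged.update(fields)
    known = [name for name, _ in FIELD_TO_PARAM]
    for name in merged.keys():
        if name not in known:
            raise ValueError("unknown field: " + name)
    for name in ("alias", "common_name"):
        if not str(merged.get(name) or "").strip():
            raise ValueError("missing required field: " + name)
    if int(merged["key_size"]) < MIN_KEY_SIZE:
        raise ValueError("key size below %d bits" % MIN_KEY_SIZE)
    if int(merged["valid_days"]) < 1:
        raise ValueError("validity period must be at least 1 day")
    args = ["-keyStoreName", key_store_name]
    for name, param in FIELD_TO_PARAM:
        value = str(merged.get(name) or "").strip()
        if value:
            args.extend([param, value])  # list form: no quoting of spaces needed
    return args


def create_certificate(key_store_name, fields):
    """Create the certificate under wsadmin; elsewhere only return the args."""
    args = build_args(key_store_name, fields)
    try:
        task, config = AdminTask, AdminConfig  # defined only inside wsadmin
    except NameError:
        return args
    task.createSelfSignedCertificate(args)
    config.save()
    return args
```

Inside wsadmin, call create_certificate with the name of an existing keystore and a dictionary of the fields; the keystore must already exist, as noted at the top of this page.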
Subtopics
- Replacing an existing personal certificate
- Create a new SSL certificate to replace an existing one in a node
- Create new SSL certificates to replace existing ones in a cell
Related concepts:
SSL configurations
Keystore configurations for SSL
Default chained certificate configuration in SSL
Reference:
PersonalCertificateCommands command group for AdminTask