Certificate management using iKeyman prior to SSL
Starting in WebSphere Application Server v6.1, we can manage certificates from the administrative console. When using versions of WAS prior to v6.1, use iKeyman for certificate management. iKeyman is a key management utility.
WAS certificate management requires defining the keystores in our WAS configuration. With iKeyman, we need access to the keystore file only. We can read a keystore file with personal certificates and signers created in iKeyman. A keystore file can be read into the WAS configuration using the createKeyStore command.
The majority of certificate management functions are the same between WAS and iKeyman, especially for personal certificates and signer certificates. However, certificate requests are special. The underlying behavior is different in the two certificate management schemes. Because of the different behavior, when a certificate request is generated from iKeyman, the process must be completed in iKeyman. For example, a certificate generated by a certificate request that originated in iKeyman must be received in iKeyman as well.
The same is true for WAS. For example, when a certificate is generated from a certificate request that originated in WAS, the certificate must be received in WAS.
We can perform the following certificate operations using iKeyman:
Types of certificates Functions Description Personal certificates Create a self-signed certificate Creates a self-signed certificate and stores it in a keystore.
List personal certificates Lists all the personal certificates in a keystore.
Get information about a personal certificate Gets information about a personal certificate.
Delete a personal certificate Deletes a personal certificate from a keystore.
Import a certificate Import a certificate from a keystore to a keystore.
Export a certificate Export a certificate from a keystore to another keystore.
Extract a certificate Extract the signer part of a personal certificate to a file.
Receive a certificate Reads a certificate that comes from a certificate authority (CA) into a keystore. Signer certificates Add a signer certificate Adds a signer certificate from a file to a keystore.
List signer certificates Lists all the signer certificates in a keystore.
Get information about a signer certificate Gets information about a signer certificate.
Delete a signer certificate Deletes a signer certificate from a keystore.
Extract a signer certificate Extract a signer certificate from a keystore, and stores the certificate in a file. Certificate requests Create a certificate request Creates a certificate request that can be sent to a CA.
List certificate requests Lists the certificate requests in a keystore.
Get information about a certificate request Gets information about a certificate request.
Delete a certificate request Deletes a certificate request from a keystore.
Extract a certificate request Extract a certificate request to a file.
Related:
Certificate management in SSL Create a keystore configuration for a preexisting keystore file