Create a CA certificate in SSL

A certificate authority (CA) can create certificates when a CAClient object is configured to connect to that CA. Certificates created this way are tracked in the security configuration by an object called CACertificate: the certificate itself is stored in a keystore, and a CACertificate object is added to the configuration to reference it. CA certificates are personal certificates.

Before beginning, a CA client must be created to connect to the CA server. We then use the administrative console to create a CA certificate.

In this release of WebSphere Application Server, the valid key size values are 512, 1024, 2048, 4096, and 8192. The default key size value is 2048 bits.


Tasks

  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click the <keystore name> to which we want to add the new CA certificate.

  4. Under Additional Properties, click Personal certificates to create a new CA certificate in the configuration.

    We can also create a CA certificate using the requestCACertificate AdminTask.

  5. Click the Create button and select CA-signed Certificate.
  6. Fill in the following information in the CA certificate section.

    • Revocation password
    • Confirm password.

    • Select the CA client from the pull-down list.

      Create a new CA client to apply to this CA authority by clicking the New button.

    • Fill in the following information in the Request Specification section:

      • Select the radio button for a predefined request alias if a certificate request is already created.

      • If we do not have a predefined certificate request alias, fill in the following fields:

        1. Type an alias name in the Alias field. The alias identifies the certificate request in the keystore.

        2. Type a common name (CN) value. This value is the CN value in the certificate distinguished name (DN).
        3. Optional: Type an organization value. This value is the O value in the certificate DN.
        4. Optional: Select a key size value. The valid key size values are 512, 1024, 2048, 4096, and 8192. The default key size value is 2048 bits.
        5. Locality
        6. Optional: Type the State or Province value. This value is the ST value in the certificate DN.
        7. Optional: Type a zip code value. The zip code value is the POSTALCODE value in the certificate DN.
        8. Optional: Type a country or region value from the list. This country value is the C= value in the certificate request DN.

  7. Click Apply then OK.

The certificate is stored in the keystore selected in the path to this panel, and a CACertificate configuration object is created. Once a CA certificate is created, the certificate can be used by the runtime for SSL communication.

An existing certificate request can be used to create the CA certificate or a new certificate request can be created. This panel uses the requestCAClient AdminTask to create the CA certificate.
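
The following is an added example, not part of the original documentation: a pre-flight check that could run in a wsadmin Jython script before the requestCACertificate AdminTask mentioned in step 4, validating the same fields the panel asks for. The dictionary field names, the 2048-bit policy floor, the sample values, and the -certificateAlias, -keyStoreName, -caClientName and -revocationPassword parameter names are assumptions to verify against the AdminTask help for your release.

```python
VALID_KEY_SIZES = (512, 1024, 2048, 4096, 8192)  # sizes the page lists as valid
DEFAULT_KEY_SIZE = 2048                           # default stated on the page
POLICY_MIN_KEY_SIZE = 2048                        # assumption: local policy floor
# Form fields mapped to the DN attributes the page names (Locality is left out
# because the page does not say which attribute it becomes).
DN_FIELDS = (("common_name", "CN"), ("organization", "O"), ("state", "ST"),
             ("zip", "POSTALCODE"), ("country", "C"))

def check_spec(spec):
    """Return a list of problems; an empty list means the request can be submitted."""
    problems = []
    for required in ("alias", "common_name", "ca_client", "keystore"):
        if not str(spec.get(required, "")).strip():
            problems.append("missing required field: %s" % required)
    size = spec.get("key_size", DEFAULT_KEY_SIZE)
    if size not in VALID_KEY_SIZES:
        problems.append("key size %s is not one of %s" % (size, list(VALID_KEY_SIZES)))
    elif size < POLICY_MIN_KEY_SIZE:
        problems.append("key size %d is accepted by the product but below the "
                        "policy floor of %d" % (size, POLICY_MIN_KEY_SIZE))
    password = spec.get("revocation_password", "")
    if not password:
        problems.append("revocation password is empty")
    elif password != spec.get("confirm_password"):
        problems.append("revocation password and confirmation differ")
    return problems

def dn_preview(spec):
    """Preview the DN the filled-in fields produce, escaping DN metacharacters."""
    parts = []
    for field, attr in DN_FIELDS:
        value = str(spec.get(field, "")).strip()
        if value:
            for ch in '\\,+"<>;':  # backslash first so added escapes stay single
                value = value.replace(ch, "\\" + ch)
            parts.append("%s=%s" % (attr, value))
    return ",".join(parts)

def request_args(spec):
    """Argument list to pass to AdminTask.requestCACertificate inside wsadmin."""
    return ["-certificateAlias", spec["alias"], "-keyStoreName", spec["keystore"],
            "-caClientName", spec["ca_client"],
            "-revocationPassword", spec["revocation_password"]]

# Constructed sample input; every value below is made up for illustration.
SAMPLE_SPEC = {"alias": "appcert", "common_name": "app.example.test",
               "organization": "Example, Inc.", "country": "US",
               "keystore": "NodeDefaultKeyStore", "ca_client": "myCAClient",
               "revocation_password": "constructed-pw", "confirm_password": "constructed-pw"}
```

Inside wsadmin, call AdminTask.requestCACertificate(request_args(spec)) only when check_spec(spec) returns an empty list, and keep the argument list out of logs because it carries the revocation password.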

  • Create a Secure Sockets Layer configuration
  • Create certificate authority (CA) personal certificates