Personal certificates settings
Use this page to create new personal certificates.
To view this console page, click...
Security | SSL certificate and key management | Manage endpoint security configurations | Inbound | Outbound | SSL_configuration_name | Related items | Key stores and certificates | key store | Additional Properties | Personal certificates | Create a self-signed certificate
This same help file is available when you create a new certificate or modify an existing certificate. The fields in this file are marked according to when they show on the console.
Configuration tab
- Alias
-
Specify the alias for the personal certificate in the key store.
This field displays when you create a new certificate. This field is read-only when you view an existing certificate.
Data type: Text - V
-
Specify the version of the personal certificate. Valid versions include X509 V3, X509 V2, or X509 V1. IBM recommends to use X509 V3 certificates.
This field is read-only when you create or view a certificate.
Data type: Text Default: X509 V3 Range: - Key size
-
Specify the key size of the private key that is used by the personal certificate.
This field displays when you create or view a certificate.
Data type: Integer Default: 1024 - Common name
-
Specify the common name portion of the distinguished name (DN). IBM recommends that this name be the host name of the machine on which the certificate resides. In some cases, the common name is used to login during Secure Socket Layer (SSL) certificate authentication; therefore, in some cases, this name might be used as a user ID for a local operating system registry.
This field displays when you create a new certificate, but does not display when you view an existing certificate.
Data type: Text - Serial number
-
Specify the certificate serial number that is generated by the issuer of the certificate.
This field displays only when you view an existing certificate.
- Validity period
-
Length in days during which the certificate is valid. The default is 365 days.
This field displays when you create or view a certificate.
Data type: Text - Organization
-
Specify the organization portion of the distinguished name.
This field displays only when you create a new certificate.
Data type: Text - Organization unit
-
Specify the organization unit portion of the distinguished name. This field is optional.
This field displays only when you create a new certificate.
Data type: Text - Locality
-
Locality portion of the distinguished name. This field is optional.
This field displays only when you create a new certificate.
Data type: Text - State/Province
-
State portion of the distinguished name. This field is optional.
This field displays only when you create a new certificate.
Data type: Text - Zip code
-
Specify the zip code portion of the distinguished name. This field is optional.
This field displays only when you create a new certificate.
Data type: Integer - Country or region
-
Specify the country portion of the distinguished name.
This field displays only when you create a new certificate.
Data type: Text Default: (none) Refer to http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/list-en1.html for a list of ISO 3166 country codes.
- Validity period
-
Length, in days, when the certificate is valid. The default is 365 days.
This read-only field displays only when you view an existing certificate.
- Issued to
-
Specify the distinguished name of the entity to which the certificate was issued.
This read-only field displays only when you view an existing certificate.
- Issued by
-
Specify the distinguished name of the entity that issued the certificate. When the personal certificate is self-signed, this name is identical to the Issued to distinguished name.
This read-only field displays only when you view an existing certificate.
- Fingerprint (SHA Digest)
-
Specify the Secure Hash Algorithm (SHA hash) of the certificate, which can be used to verify the certificate's hash at another location, such as the client side of a connection.
This read-only field displays only when you view an existing certificate.
- Signature algorithm
-
Specify the algorithm used to sign the certificate.
This read-only field displays only when you view an existing certificate.
Related tasks
Creating a Secure Sockets Layer configuration
Related Reference
Key stores and certificates collectionPersonal certificates collection