Receiving a certificate issued by a certificate authority

When a certificate authority (CA) receives a certificate request, it issues a new certificate that functions as a temporary placeholder for a CA-issued certificate. A keystore receives the certificate from the CA and generates a CA-signed personal certificate that WebSphere Application Server can use for SSL security.

The keystore must contain the certificate request created and sent to the CA. Also, the keystore must be able to access the certificate that is returned by the CA.

To receive a certificate using the wsadmin tool, use the receiveCertificate command of the AdminTask object. See PersonalCertificateCommands .article.

WAS can receive only those certificates generated by a WAS certificate request. It cannot receive certificates that are created with certificate requests from other keystore tools, such as iKeyman and keyTool.

Complete the following steps in the administrative console:

Tasks

1. Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates > [keystore].
2. Under Additional Properties, click Personal certificates.

3. Select a personal certificate.

4. Click Receive a certificate from a certificate authority.

5. Type the full path and name of the certificate file.

6. Select a data type from the list.

7. Click Apply and Save.

The keystore contains a new personal certificate that is issued by a CA. The original certificate request is changed to a personal certificate.

What to do next

The SSL configuration is ready to use the new CA-signed personal certificate. If we are receiving the CA certificate for use as the default certificate in the keystore, ensure that the SSL configuration containing the keystore is updated with the appropriate default certificate alias. Or if the SSL Configuration already contains the old certificate's alias the replaceCertificate task can be used to find all occurrences of the old cert alias and replace it with the new certificate alias.

Subtopics

• Export certificate to a keystore file or a managed keystore
  Specify a personal certificate to export to a keystore file or a managed keystore.
• Import certificate from a key file or managed keystore
  Specify a personal certificate to import from a keystore or key file.
• Receive certificate from CA
  Use this page to import your personal certificate from the certificate authority (CA). The imported certificate replaces the temporary certificate associated with the public/private keys in the certificate request stored in the key store.

Related:

SSL configurations

Keystore configurations for SSL

Create a certificate authority request

PersonalCertificateCommands