CSR Support

 

IBM HTTP

Creating a Certificate Signing Request

  1. Start the key manangement utility:

If NT: click start button - IBM HTTP Server - Start Key Management Utility

If Unix: type ikmgui from command line.

  1. Select Key Database File from the main menu, then select New.
  1. Select Key Database type as CMS Key database file or keyring file. Enter your key database name or click key.kdb (or keyfile.kyr for keyring) if you are using the default in the new dialog box.
  1. Type and confirm your password in the Password Prompt dialog box.

Warning: If you lose the password, you must purchase another certificate.

  1. Select Key Database File from the main menu, then select Open.
  1. Enter your key database name or click on key.kdb (keyfile.kyr for keyring) if you are using the default in the Open dialog box. Click Open.
  1. Select Create from the main menu, then select New Certificate Request.
  1. Enter a Key Label in the New Key and Certificate Request dialog box. Use a name/label that identifies the key and certificate in the database, for example: My Server Certificate.

***Note: Make a backup copy of your key.kdb or server.kyr file and store it in a safe place***

  1. When creating a CSR you must follow these conventions. Complete the following Distinguished Name Field information.

The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ? &  

 

Distinguished Name Field

Explanation

Example

Country Name

The two-letter ISO abbreviation for your country

US = United States

State or Province Name

The state or province where your organization is located. Can not be abbreviated.

Georgia

City or Locality

The city where your organization is located.

Atlanta

Organization Name

The exact legal name of your organization. Do not abbreviate

IPS S.L.

Organizational Unit

Optional for additional organization information

Marketing

Common Name (Server Host Name)

The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match.

If you intend to secure the URL https://secure.yourURL.com, then your CSR's Server Hostname must be secure.yourURL.com

Server Admin.'s email address

Your email address

abc@yourURL.com

 
 
  1.  Enter the certificate request file name, or default name certreq.arm
  1.  In the Information dialog box, click <OK>.
  1.  Submit your CSR to IPSCA.  

 


 CSR installation

 

Installing a Server Digital Certificate on an IBM Server

This document introduces installing a Server Digital Certificate, and answers questions you might have.

Installing a Server Digital Certificate
When you receive your new Server Digital Certificate from , you need to extract it from the e-mail message and install it on your server. To do this:
  1. From your e-mail program, save the Server Digital Certificate PRIVACY-ENHANCED message to a file, such as cert.txt. You do not need to save the entire email message body, only the "PRIVACY-ENHANCED MESSAGE" section that looks something like this: 
    -----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type:4,MIC-ONLY
Content-Domain:RFC822
Originator-Certificate:
 M0oZIhvcNAQECBQAwdTELMAkGA1UEBhMCdXMxETAPBgNVBAgTCFZpcmdQ
 QDFbROYmWwfHYv8fNhcsxjDycapbmlhMREwDwYDVQNobW9uZDEUMBIGA1
 UEChMLU2lnbmV0IEJhbmsxGjAYBgNVBAMTEW9ubGluZS5zaWduZXQuY29
 tMQ4wDAYDVQQREwUyMzA2MDAaFwsIIB0zCCAX5NjA2MjcxNDM2WhcLOTc
 wNjI3MTQzNlowdTELMAkGA1UEBhMCdXMxETAPBgNVBAgTCFZpcmdpbmlh
 HAgMBAAEwDQYJKoMREwDwYDVQQHEwhSaWNobW9uZDEUMBIGA1UEChMLU2
 lnbmV0IEJhbmsxGjAYBCBDHSnF0wDQYJKgNVBAMTEW9ubGluZS5zaWduZ
 XQuY29tMQ4wDAYDVQQREwUyMzA2MDBcMA0GCSqGSIb3DQEBAQQHEwhSaW
 UAA0sAMEgC0Bpk32282UcNv+WNsREiAzg78b5qSEbuRJi/Zz7YzloFMcS
 KKzMgJKx1KX0JZIhvcNAQECBQADQQAjF267qVWg62SFOMLxNJtzEMJkKU
 HLMUetTpGDIuIDmZojSp6fiYjHdZMGsMZtNKgW3dQRpM4MFbvtT3niM+B
MIC-Info: RSA-MD5,RSA,
 fhrG5dHAvJtRrArO07lsfBZiqg4h yiBPr6NL7zl3+4Yar0ozKqF6EaQt
 pdSw2BTC744A1bw==

VGhpcyBpcyBhbiBSRkMtMTQyNCBDU1IuCg==
Issuer-Certificate:
 MIIYCBQqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMJAAABCDDCCAZFMA
 0GCSSAwHgYD2F0Ghvcml0eTCBVQ0EgRGF0YSBTZWN1cml0eSwgSW5jLjE
 uMCwGA1UECxMlTG93IEFzc3VyYW5jZSBDZXJ0aWZpY2F0aW9uIEF1dGhv
 cml0eTAeFw05NDExMDkyMzE5NDRaFw05OTEyMzEyMzE5NDRaMF8xCzAJB
 gNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLj
 EuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZpYmzANBgkqhkiG9w
 0BAQEFAAOBiQAwgYUQKExdSUCfgCSznrBroM+WqqJg1esJQF2DK2ujiw3
 zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12aIGaBaJLyUslZiJWb
 IgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmcHhXVSVQscz
 ppgrGXOZxtcGdI5d0taW9uIEF1d1sgeewIDAQABMA0GCSqGSIb3DQEBAg
 UAA2EAIzgp7oVk3UavvD4VAUsymzoZmn0ED0PC7cPuPVPDdc4KvdUTmlu
 Os51EMpAD1HWgCH5RH1dntFC7sjlgsAydjBOzVJli/Oki5JOkCwvYiLY7
 2ofrXaS1f/k3q45q8Qlg
MIC-Info: RSA-MD5,RSA,
 fyiBPr6tpdSw2Biz9b5dHAvJtRhrGqg4hsvrArO07lsfBZiLoPBcNNaZN
 L7zl3+4Yar0ozKqF6EaQTC744A1bw==

VGhpcyBpcyBhbiBSRkMtMTQyNCBDU1IuCg==
-----END PRIVACY-ENHANCED MESSAGE-----
  2. Open your server's receive certificate form.
  3. Enter the name of the file that contains the Server Digital Certificate. For example, cert.txt.
  4. Enter your key ring password. You cannot install the Digital Certificate without this password. If you do not remember the password, you will need to submit a new Server Digital Certificate request and purchase another Digital Certificate.
  5. Set up your security configuration using the basic security configuration form. You must specify:
    • Whether or not you want your server to accept requests for secure connections using the SSL protocol.
    • Whether or not you want your server to accept requests for a non-secure connections
    • The port number that you want to use for SSL requests. The default is 443.
    • The name of the file where you want to store your SSL keys.
    • The name of the file where you want to store your passwords to your passwords to your SSL keys. IBM recommends that you use the default value.

  return to the top

© 1996 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
  can be found in our repository
Read our  Privacy Policy and Terms of Use