CSR Support

WebSphere Advanced Single Server Edition 4.0

Creating a Certificate Signing Request

Before being able to enable SSL on WebSphere, you need to have your own certificate. This certificate can be a self-certificate for testing purpose but in any production case, you should have a certificate issued by a Trusted CA. The following steps describe how to get your own certificate.

  1. Creating a keystore.
    A keystore is where your private key will be saved, in a secure way, and the certificate belongs to it. This keystore can be created either with the SUN keytool or with ikeyman a tool from IBM that is distributed with WebSphere Advanced Single Server Edition 4.0.
    Starting ikeyman tool
    The command to start it is: ./ikeyman.sh
    Once it is started, the following screen appears:

  1. Specifying a keystore
    From the main application, you can either use an existing keystore or create a new one. In the example below we want to create a new keystore that will be used only by WebSphere.
    In the IBM Key Management console, select the option Key Database File/New. A dialog box will appear:



    The options are:
 

Option

Value

Key database type

JKS

File Name

The name of the keystore. In the example: .keystore

Location

The location of the keystore. In the example: /usr/bin/java/websphere/bin

 
  1. Creating a certificate request
    You first need to create a certificate request before getting your certificate. The certificate request is created in Create/New Certificate Request. A new dialog box will appear where you are asked to enter some information:



    The options are:

Option

Value

Key label

A name that identify the request in list screen. For instance, sitecert

Key Size

Use the default value of 1024

Common Name

This is the Fully Qualified Domain Name, this is what will be in the URL after (but not including) the 'http://' and before the next '/'. Example www.mydomain.com

Organization

The Organization name. Example PSOFT

Organization Unit

The Organizational Unit. Example R"&"amp;D

Locality

The locality of your organization. Example Manchester

State/Province

The province of your organization. Example Salford Quays

Country

The country of your organization. Example GB

Request File Name

This is the name of the file where your CSR will be created.In the example: /usr/bin/java/websphere/bin/certreq.arm


  1. Now click on OK to generate your request.
    When the request is created, a key pair is also generated (a private key only stored in the keystore and a public key stored in the certificate you receive). If the request is successfully created, a dialog should inform you about it:



    You will need the contents of this file when applying for your certificate.


 CSR installation


Installing cert IBM WebSphere Advanced Single Server Edition 4.0

Before being able to enable SSL on WebSphere, you need to have your own certificate. This certificate can be a self-certificate for testing purpose but in any production case, you should have a certificate issued by a Trusted CA. The following steps describe how to get your own certificate and later how to configure WebSphere to use it.

Installing a certificate chain

Before you can add your certificate into the keystore, you must first include the certificates chain. You must install the following public certificates:

  1. Root CA Certificate ( IPSSERVIDORES certificate)
  1. Intermediate Root Certificate ( ipsCACLASE1 certificate)
  1. Server Certificate (the attached file in the mail)
You can add the certificates chain from the Signer Certificates screen as shown below:



Click on the Add button. A dialog box will appear where you have to enter the data, the Certificate file name (the certificate file you received) and its location. Once all of this information is entered click on OK.

Installing your site certificate

You can import it into your keystore. In the IBM Key Management console, select in the dropdown the option Personal Certificates as in the following screen:



Then click on the button Receive. A dialog box will appear where you have to enter the data, the Certificate file name (the certificate file you received) and its location. Once all of this information is entered click on OK.

Enabling SSL

Once your keystore has been successfully configured with your certificate, you can now enable SSL in WebSphere Application Server. In IBM WebSphere, SSL can be configured for each component. For more information on how to enable/configure it for each of them, please go to the IBM Web site at http://www-4.ibm.com/software/webservers/appserv/support.html

  return to the top

© 1996 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
  can be found in our repository
Read our  Privacy Policy and Terms of Use