To enroll for a certificate for IBM WebSphere, you must generate a Certificate Signing Request (CSR), and you must generate it on the system where you plan to run the certificate. As with all certificates, you first create a public/private key pair. These two items are unique and cannot be separated. WebSphere uses keystores to store the public/private key pair, and from this keystore you generate your CSR. You give the CSR to the CA for signing, while the private key stays in the system's keystore.
IBM WebSphere is a very complex system. These instructions are a best effort to make keystore/CSR creation as simple as possible. You may have to refer to IBM support, listed at the bottom of this article.
To generate a CSR on an IBM WebSphere system, perform the following.
Step 1: Creating your Keystore:
- Start the Key Management Utility (iKeyman).
- In the IBM Key Management Utility, click on Key Database File and then New.
- In the next dialog box, choose the following options:
- Key database type: Choose JKS.
- File name: Specify a file name for your new keystore.
- Location: Click Browse to specify a location to create your keystore. Typically you will store your keystore in /usr/bin/java/websphere/bin/ or in Program Files\IBMWebSphere\AppServer\profiles\default\etc\, or wherever you have previously stored your keystores.
- Press “OK” when you are finished.
- Specify an easy-to-remember password and click OK.
Note: Do not forget this password; you will need it for certificate installation.
Step 2: Creating your CSR:
Back in your IBM WebSphere iKeyman GUI, perform the following.
- Click Create then New Certificate Request.
- In the Create New Key and Certificate Request window fill out the applicable information:
Note: All fields except for Zipcode are NOT optional, and must be filled out.
- Key Label: A friendly name of your choice.
- In the Key Size drop down menu select 2048.
- Common Name: The Common Name is the Host + Domain Name. It looks like “www.mydomain.com” or “company.com”. If you are enrolling for a wildcard certificate, specify *.mydomain.com.
- Organization: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation.
- Organizational Unit: This field is optional, but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
- Locality: The Locality field is the city or town name, for example: Boston.
- StateProvince: Spell out the state completely; do not abbreviate the state or province name, for example: New York.
- Zipcode: This field is optional and not necessary.
- Country or region: From the drop-down menu, select the two-letter country code, for example: US or CA.
- In the “Enter the name of a file in which to store the certificate request” field, click Browse and specify the location and path where you want to save your CSR file.
- Click OK.
Congrats, you have generated a new keystore and CSR. Your CSR has been created and is ready for you to copy and paste its contents into the enrollment portal.
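The field rules in Step 2 can be checked before the values are typed into iKeyman, which avoids a rejected enrollment and a second key pair. The Python sketch below is an added example, not part of the original instructions or of any IBM tool; the function names, the US-keyboard symbol set and the abbreviation heuristic are assumptions, and Organizational Unit is treated as optional as its own field description says.

```python
import re

# Symbols typed with Shift on a US keyboard layout (assumption; the page only
# names "&", "@" and "any other symbol using the shift key").
SHIFT_SYMBOLS = set('~!@#$%^&*()_+{}|:"<>?')
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
REQUIRED = ("key_label", "common_name", "organization", "locality",
            "state", "country")


def check_common_name(cn):
    """Accept host.domain names; '*' only as the whole leftmost label."""
    labels = cn.split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return len(labels) >= 2 and all(LABEL.match(l) for l in labels)


def check_request(fields, key_size):
    """Return a list of problems found in the planned CSR form values."""
    problems = [f"{name}: required" for name in REQUIRED
                if not fields.get(name, "").strip()]
    if key_size != 2048:
        problems.append("key size: the procedure selects 2048")
    cn = fields.get("common_name", "")
    if cn and not check_common_name(cn):
        problems.append("common_name: not a host name or *.domain wildcard")
    bad = sorted(SHIFT_SYMBOLS & set(fields.get("organization", "")))
    if bad:
        problems.append("organization: spell out or omit " + " ".join(bad))
    state = fields.get("state", "").strip()
    # Heuristic (assumption): short all-caps values such as "NY" are abbreviations.
    if state and len(state) <= 3 and state.isupper():
        problems.append("state: spell out the full name")
    country = fields.get("country", "")
    if country and not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("country: use the two-letter code")
    return problems


# Constructed sample input containing three mistakes the page warns about.
SAMPLE = {"key_label": "web01", "common_name": "www.mydomain.com",
          "organization": "XY & Z Corporation", "organizational_unit": "",
          "locality": "Boston", "state": "NY", "zipcode": "", "country": "USA"}

if __name__ == "__main__":
    for line in check_request(SAMPLE, 2048):
        print(line)
```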
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
IBM Support:
For more information, refer to IBM.
For IBM WebSphere Installation instruction click Here