1. Portal Home
  2. Knowledgebase
  3. 4. SSL installation
  4. IBM WebSphere HTTP Server

Knowledgebase

IBM WebSphere HTTP Server  Print this Article

I.  Download Intermediate and Cross Root CA files from Costumer Panel (edit it with Notepad. Other editors may add additional characters). Downloaded files save as intermediate.txt and crossroot.txt.

 
II. Install the Intermediate CA
1. Start the key management utility (iKeyman)
2. Open the key database file that was used to create the certificate request.
3. Enter the password, and then click OK.
4. Select Signer Certificates and then click Add.
5. Click Data type, and select a data type, such as Base64-encoded ASCII data. This data type must match the data type of the importing certificate.
6. Browse the intermediate.txt file you created and click OK.
7. Enter a label for the importing certificate and click OK.
8. The Signer Certificates field displays the label of the signer certificate you added.
 
III. Install the Cross Root CA
1. Start the key management utility (iKeyman)
2. Open the key database file that was used to create the certificate request.
3. Enter the password, and then click OK.
4. Select Signer Certificates and then click Add.
5. Click Data type, and select a data type, such as Base64-encoded ASCII data. This data type must match the data type of the importing certificate.
6. Browse the crossroot.txt file you created and click OK.
7. Enter a label for the importing certificate and click OK.
8. The Signer Certificates field displays the label of the signer certificate you added.
 
IV. Download your certificate and follow the instructions received in e-mail. Copy and paste it into a text file and save as ssl.arm.
 
V. Install the Certificate
 
iKeyman GUI (graphical user interface):
1. Start the iKeyman using either the gsk7ikm command (UNIX) or the strmqikm command (Windows).
Note: To use the iKeyman GUI, be sure that your machine can run the X Windows system.
2. From the Key Database File menu choose Open. Click Key database type, and select CMS.
3. Click Browse to navigate to the directory containing the key database file to which you want to add the certificate and click Open.
4. Type the password you set when you created the key database and then click OK.
5. Select the Personal Certificates view and click Receive.
6. Select the data type of the new SSL certificate. Base64-encoded ASCII for a .arm file.
7. Click Browse to select the name and location of the certificate file name and click OK.
 
iKeycmd (command line interface):
 
UNIX command line:
+ gsk7cmd -cert -receive -file filename -db filename -pw password -format ascii
 
Windows command line:
+ runmqckm -cert -receive -file filename -db filename -pw password -format ascii
 
where:
+ -file filename is the fully qualified file name of the file containing the personal certificate.
+ -db filename is the fully qualified file name of a CMS key database.
+ -pw password is the password for the CMS key database.
+ -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii.
 
VI. Transferring certificates
To extract an SSL certificate from a key database file and store it in a CA key ring file you must:
 
iKeyman GUI (graphical user interface):
1. Start the iKeyman using either the gsk7ikm command (UNIX) or the strmqikm command (Windows).
2. From the Key Database File menu choose Open. Click Key database type, and select CMS.
3. Click Browse to navigate to the directory containing the key database file to which you want to add the certificate and click Open.
4. Type the password you set when you created the key database and then click OK.
5. Select Signer Certificates in the Key database content field, and then select the certificate you want to extract. Next click Extract.
6. Select the data type of the new SSL certificate. Base64-encoded ASCII for a .arm file.
7. Click Browse to select the name and location of the certificate file name and click OK. The certificate is written to the file you specified.
 
iKeycmd (command line interface):
 
UNIX command line:
+ gsk7cmd -cert -extract -db filename -pw password -label label -target filename -format ascii
 
Windows command line:
+ runmqckm -cert -extract -db filename -pw i -label label -target filename -format ascii
 
where:
+ -db filename is the fully qualified pathname of a CMS key database.
+ -pw password is the password for the CMS key database.
+ -label label is the label attached to the certificate.
+ -target filename is the name of the destination file.
+ -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii.

Was this answer helpful?

Related Articles

SSL Installations
SSL installation depends on the type of server you are securing. Please select below the server...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apple Mac OS X Server
Log in to admin server as a root. Create a folder /etc/httpd/ssl.crt/ (if it does not exist)....
Barracuda VPN server
Installing SSL certificate on Barracuda VPN serverImport CertificatesFrom the appliance web...
Cisco ACS Server
Note: If the domain/site certificate is created using CA certificate, you need to repeat steps...

  Tag Cloud

AWS Installation Managed SSL

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket