Create a personal certificate request to obtain a certificate
that is signed by a certificate authority.
Before you begin
The keystore that contains a personal certificate request
must already exist on the WebSphere® Application
Server. In a cluster deployment, the keystore is the STGWKS.p12 keystore
which was created during the procedure Creating a new keystore.
About this task
For additional information about default paths, see Directory conventions.
Procedure
- Log in to the Integrated Solutions Console.
- Click .
- In the "Additional Properties" section, click Personal
certificate requests.
- Click New.
- In the File for certificate request field,
type the full path where the certificate request is to be stored,
plus a file name.
For example: c:\servercertreq.arm
(on Microsoft™ Windows™).
- Type an alias name in the Key label field.
The alias is the name you use to identify the certificate
request in the keystore.
For example: stgwcertificate
- Type a common name (CN) value.
The CN must
be your external visible DNS address to which the external community
(AOL for example) would be opening a TCP connection to. The CN value
does not have to be identical to any of the email domains associated
with your community.
You should decide on the CN value in
advance primarily by consulting your network administrator
- Type an organization name in the Organization field.
This value is the "organization" value in the certificate's
distinguished name.
- In the Organization unit field,
type the "organization unit" portion of the distinguished name.
- In the Locality field, type the
"locality" portion of the distinguished name.
- In the State or Province field,
type the "state" portion of the distinguished name.
- In the Zip Code field, type the
"zip code" portion of the distinguished name.
- In the Country or region drop down
list, select the two-letter "country code" portion of the distinguished
name.
- Click Apply and Save.
The
certificate request is created in the specified file location in the
keystore. The request functions as a temporary placeholder for the
signed certificate until you manually receive the certificate in the
keystore.
Note: Key store tools (such as iKeyman and keyTool)
cannot receive signed certificates that are generated by certificate
requests from WebSphere Application
Server. Similarly, WebSphere Application
Server cannot accept certificates that are generated by certificate
requests from other keystore utilities.
- Send the certification request arm file to a certificate
authority for signing.
- Stop the Sametime® Gateway
Server.
- Make a backup copy of your keystore file. Make this backup
before receiving the CA-signed certificate into the keystore. The
default password for the keystore is
WebAS
. The Integrated
Solutions Console has the path information for the keystore's location.
The path to the STGWKS keystore
is listed in the Integrated Solutions Console as:
profile_root\config\STGWKS.p12
- Start the Sametime Gateway
Server.