Creating self signed certificate

IBM provides a ikeyman tool that you can use to create self signed certificate and manage keys by following these steps

  1. Go to the WAS_HOME/bin directory and execute ikeyman tool, it will open a GUI based tool like this

  2. Now click on Key Database File - New. It will open a dialog box, in that change Key Database type to CMS and enter file and path name. In my case i am creating WAS6PluginCertificates.kdb file in C:\Cert\HTTPServer\conf\keys\ directory and click OK

  3. It will ask you for the password for the Key database file, enter a password, then check Stash the password to a file checkbox.

  4. It will create a .kdb file and import bunch of keys for you by default and show a message like this

  5. Once the .kdb file is created next step is to create a Self Signed certificate so click on Create - New Self Signed Certificate like this

  6. Enter the details for self signed certificate such as, key label, Organizations,...

  7. Thats it your self signed certificate is created, you can check them by going to the directory where we saved it. You will see 4 different files for that certificate are created out of that .sth is the stash password file


Jimmy Jarred said...

This article is a great help to me. I followed all these steps and without facing any difficulty I created a self signed certificate. I must say that you have simplified the process by explaining it in such a detail.
digital certificates

amitraj khurdhara said...

This was really a nice Post..

BUT can you please Enhance this post by adding info redarding , HOW to further apply this self-signed certificate on web-sphere server through admin console or any other way exists. So that server can run on url starts with HTTPS.
And how the same will be done if there is no IHS (http server) only Application server WAS is there, So in that case the certificate must be install in particular Profile which has been created inside WAS.