IBM provides a ikeyman tool that you can use to create self signed certificate and manage keys by following these steps
- Go to the WAS_HOME/bin directory and execute ikeyman tool, it will open a GUI based tool like this
- Now click on Key Database File - New. It will open a dialog box, in that change Key Database type to CMS and enter file and path name. In my case i am creating WAS6PluginCertificates.kdb file in C:\Cert\HTTPServer\conf\keys\ directory and click OK
- It will ask you for the password for the Key database file, enter a password, then check Stash the password to a file checkbox.
- It will create a .kdb file and import bunch of keys for you by default and show a message like this
- Once the .kdb file is created next step is to create a Self Signed certificate so click on Create - New Self Signed Certificate like this
- Enter the details for self signed certificate such as, key label, Organizations,...
- Thats it your self signed certificate is created, you can check them by going to the directory where we saved it. You will see 4 different files for that certificate are created out of that .sth is the stash password file