General Information ID : INFO1008

Managed PKI for SSL - Installation Instructions IBM WebSphere Using Command Line

Description

This document provides instructions for installing SSL Certificates for IBM WebSphere using iKeycmd. If you are unable to use these instructions for your server, Symantec recommends that you contact IBM.

NOTE: To successfully use the certificate sent by Symantec, the Intermediate CA certificate and your SSL certificate must be imported into the same key file from which the certificate request was generated. iKeyman gives errors when you try to import the Symantec certificate into a key file that does not contain the corresponding certificate request.

NOTE: To install the SSL Certificate by using the IKEYMAN GUI, follow the steps from this link.
 

Step 1: Download the Symantec Intermediate CA Certificate

  1. Download the Intermediate CA certificate from this link.
  2. Select the Managed PKI for SSL tab
  3. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: To check which certificate type you have purchased, follow the steps from this link.
  4. Copy the Intermediate CA certificate and paste it into Notepad.
  5. Make sure there are 5 dashes on either side of BEGIN CERTIFICATE and END CERTIFICATE, and that no white space, extra line breaks or additional characters have been inadvertently added.
  6. Save the file as intermediate.cer


Step 2: Install Symantec Intermediate CA Certificate

  1. Run the following command to add intermediate.cer to the key database:

    For UNIX:

    gsk7cmd -cert -add -db filename -pw password -label label -file filename -format ascii

    For Windows:

    runmqckm -cert -add -db filename -pw password -label label -file filename -format ascii
  • -db filename is the fully qualified file name of a CMS key database, for example: dbkey.kdb
  • -pw password is the password for the CMS key database with an extension .cms
  • -label is the key label attached to the certificate, for example: "ibmwebspheremqqmname"
  • -file filename is the fully qualified file name of the file containing the Intermediate CA certificate, for example intermediate.cer
  • -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII. The default is ascii.
     

Step 3: Obtain the SSL Certificate 

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with the Certificate
    attached (cert.cer), as well as in the body of the email itself.
  2. Copy the certificate embedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines
    or spaces in the file.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

              [encoded data]

    -----END CERTIFICATE-----

    NOTE: Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
     
  3. Save the certificate as public.cer or public.arm
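
The formatting rules in Step 1 (item 5) and Step 3 (item 2) can be checked before the file is handed to gsk7cmd or runmqckm. The script below is an added example, not part of the original Symantec instructions; the function names are hypothetical and the sample input is a constructed placeholder, not a real certificate. It also flags a UTF-8 byte-order mark, which Notepad can write, and a pasted chain where only the End Entity Certificate was wanted.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_der_length(der: bytes) -> list:
    """Check the outer ASN.1 SEQUENCE header so a truncated paste is caught."""
    if len(der) < 2 or der[0] != 0x30:
        return ["decoded data does not start with an ASN.1 SEQUENCE"]
    if der[1] & 0x80:                      # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:                                  # short form: the byte itself is the length
        length, header = der[1], 2
    if header + length != len(der):
        return ["decoded length does not match ASN.1 header (truncated or padded paste)"]
    return []

def check_pem(raw: bytes) -> list:
    """Return the problems found in a pasted certificate file (empty list = OK)."""
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte-order mark before the BEGIN line")
        raw = raw[3:]
    lines = raw.decode("latin-1").replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()                        # one final newline is fine
    if any(l != l.strip() or not l for l in lines):
        problems.append("blank line or leading/trailing whitespace")
    stripped = [l.strip() for l in lines if l.strip()]
    if stripped.count(BEGIN) != 1 or stripped.count(END) != 1:
        return problems + ["expected exactly one BEGIN/END CERTIFICATE pair, 5 dashes each side"]
    if stripped[0] != BEGIN or stripped[-1] != END:
        problems.append("extra text outside the BEGIN/END lines")
    body = "".join(stripped[stripped.index(BEGIN) + 1:stripped.index(END)])
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:                     # binascii.Error is a ValueError subclass
        return problems + ["body is not valid Base64"]
    return problems + check_der_length(der)

def make_sample() -> bytes:
    # Constructed placeholder (not a real certificate): SEQUENCE header + 256 zero bytes.
    b64 = base64.b64encode(bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("\n".join([BEGIN, *rows, END]) + "\n").encode()
```

To check a saved file, pass its bytes, for example check_pem(open("public.cer", "rb").read()); an empty list means none of these problems were found.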


Step 4: Install the SSL Certificate 

  1. To install a certificate in iKeycmd (using the UNIX command line), run the following command:

    For UNIX:

    gsk7cmd -cert -receive -file filename -db filename -pw password -format ascii 

    For Windows:

    runmqckm -cert -receive -file filename -db filename -pw password -format ascii  
  • -file filename is the fully qualified file name of the file containing the personal certificate. 
  • -db filename is the fully qualified file name of a CMS key database, for example: dbkey.kdb
  • -pw password is the password for the CMS key database with an extension .cms
  • -label is the key label attached to the certificate, for example: "ibmwebspheremqqmname"
  • -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII. The default is ascii.
     

Step 5: Extract SSL Certificate

  1. To extract a certificate in iKeycmd, run the following command:

    For UNIX:

    gsk7cmd -cert -extract -db filename -pw password -label label -target filename -format ascii

    For Windows:

    runmqckm -cert -extract -db filename -pw password -label label -target filename -format ascii  
  • -db filename is the fully qualified pathname of a CMS key database.
  • -pw password is the password for the CMS key database with an extension .cms
  • -label label is the label attached to the certificate.
  • -target filename is the name of the destination file.
  • -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII. The default is ascii.
     
  2. To verify that your certificate is installed correctly, use the Symantec Installation Checker.


IBM Support

          For more information, refer to IBM documentation / IBM Support