Alert ID : INFO285

Last Modified : 05/17/2018

Managed PKI for SSL - Installation Instructions for IBM WebSphere 5.1

Description


This document provides instructions for installing SSL Certificates for IBM WebSphere using the iKeyman GUI. If you are unable to use these instructions for your server, Symantec recommends that you contact IBM.

NOTE: Keep in mind that to successfully use the certificate sent by Symantec, the Intermediate CA certificate and your SSL certificate must be imported into the same key file from which the certificate request was generated. iKeyman gives errors when you try to import the Symantec certificate into a key file that does not contain the certificate request.
 
NOTE: To install the SSL Certificate by using the iKeycmd command line, follow the steps from this link.
 

Step 1: Download the Symantec Intermediate CA Certificate 

  1. Download the Intermediate CA certificates from this link.
  2. Select Managed PKI for SSL tab.
  3. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: To check which certificate type you have purchased, follow the steps from this link.
  4. Copy the Intermediate CA certificate and paste it into Notepad.
  5. Make sure there are 5 dashes on either side of BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
  6. Save the file as intermediate.cer.


Step 2: Install Symantec Intermediate CA Certificate

  1. Start the key management utility (iKeyman):

    On Windows: Go to the start UI and select Start Key Management Utility.

    On AIX, Linux or Solaris: Type ikeyman on the command line.
     
  2. Open the key database file that was used to create the certificate request. 
  3. Enter the password, then click OK. 
  4. Select Signer Certificates, then click Add.
  5. Click Data Type and select a data type, such as Base64-encoded ASCII data.
    NOTE: This data type must match the data type of the certificate being imported.
  6. Enter a file name and location for the intermediate.cer digital certificate or click Browse to select a file name and location.
  7. Click OK.
  8. Enter a label for the certificate being imported, for example: Intermediate CA.
  9. Click OK.  
  10. The Signer Certificates field displays the label of the signer certificate you added.


Step 3: Obtain the SSL Certificate 

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with the Certificate.
  2. If the certificate is embedded in the body of the email, copy and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

              [encoded data]

    -----END CERTIFICATE-----

    NOTE: Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.

     
  3. Save the certificate as public.cer or public.arm.
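
The paste checks from Step 1 (five dashes, no stray white space or line breaks) and Step 3 (no characters added by a word processor) can be run on intermediate.cer or public.cer before opening iKeyman. This is an added example, not Symantec or IBM code; the names check_pem and make_sample are hypothetical, and the sample data is constructed and is not a real certificate.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_pem(text):
    """Return a list of problems found in a pasted Base64 (PEM) certificate."""
    problems = []
    if text.startswith("\ufeff"):
        problems.append("file starts with a byte-order mark")
        text = text[1:]
    lines = text.replace("\r\n", "\n").split("\n")
    if lines[-1] == "":
        lines.pop()  # a single final newline is fine
    if not lines:
        return ["file is empty"]
    for n, line in enumerate(lines, 1):
        if line != line.strip():
            problems.append(f"line {n}: leading or trailing white space")
        if line.strip() == "":
            problems.append(f"line {n}: blank line")
    if lines[0].strip() != BEGIN:
        problems.append("first line is not exactly " + BEGIN)
    if lines[-1].strip() != END:
        problems.append("last line is not exactly " + END)
    body = "".join(l.strip() for l in lines[1:-1])
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", body):
        problems.append("body contains characters that are not Base64")
    else:
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            problems.append("body is not valid Base64 (bad length or padding)")
        else:
            if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
                problems.append("decoded data does not start with a DER SEQUENCE")
    return problems

def make_sample():
    # Constructed bytes that only imitate a DER header; not a real certificate.
    b64 = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(range(92))).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN] + rows + [END]) + "\n"

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else make_sample()
    print(check_pem(text) or "looks well formed")
```

Run it with the certificate file as the only argument; an empty result means the file has the shape iKeyman expects for the Base64-encoded ASCII data type, not that the certificate itself is valid or trusted.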


Step 4: Install the SSL Certificate 

  1. Start the key management utility (iKeyman): 

    On Windows: Go to the start UI and select Start Key Management Utility.

    On AIX, Linux or Solaris: Type ikeyman on the command line.
     
  2. Choose Open from the Key Database File menu. Click Key database type, and select CMS.
  3. Click Browse to navigate to the directory containing the key database files.  
  4. Select the key database file to which you want to add the certificate. For example, key.kdb.  
  5. Click Open.
  6. In the Password Prompt window, type the password you set when you created the key database and then click OK.
  7. Select the Personal Certificates view.  
  8. Click Receive.
  9. In the Receive certificate from a file window, select the data type of the new SSL certificate. For example, Base64-encoded ASCII.
  10. Click Browse to select the name and location of the certificate file.
  11. Click OK.


Step 5: Transfer Certificates

  1. To extract an SSL certificate from a key database file and store it in a CA key ring file, start the iKeyman graphical user interface.
  2. Run the following command:

    On Windows: strmqikm

    On UNIX: gsk7ikm
     
  3. Choose Open from the Key Database File menu.  Click Key database type, and select CMS.
  4. Click Browse to navigate to the directory containing the key database files.
  5. Select the key database file to which you want to add the certificate. For example, key.kdb.
  6. Click Open.
  7. In the Password Prompt window, type the password you set when you created the key database and then click OK.
  8. Select Signer Certificates in the Key database content field, and then select the certificate you want to extract.
  9. Click Extract.
  10. Select the Data type of the certificate. For example, Base64-encoded ASCII.
  11. Click Browse to select the name and location of the certificate file.
  12. Click OK. The certificate is written to the file you specified.
  13. To verify that your certificate is installed correctly, use the Symantec Installation Checker.
     

IBM Support

         For more information see this link from IBM.