This document provides instructions for generating a Certificate Signing Request (CSR) for IBM HTTP Server using the IKEYMAN utility. If you are unable to use these instructions for your server, GeoTrust recommends that you contact IBM.
Step 1. Create a Key Database File (.kdb)
- Open the IKEYMAN Utility
On Windows click Start > Programs > IBM HTTP Server > Start Key Management Utility.
On UNIX platforms, start the iKeyman utility by running: /<IHS root>/bin/ikeyman.sh
- From the Menu Bar select "Key Database File"
- Click on NEW
- Type in a file name for the new Key Database file
- Specify the location on the hard drive where the .kdb file will be stored
- Click OK
- Enter a password
NOTE: This is the password that will be used to open the .kdb file in IKEYMAN in the future
- Make sure to click the box that states "Stash the password to a file?"
NOTE: This will encrypt the password and save the file as a .sth file in the same directory as the .kdb file.
- Click OK
Step 2. Generate the CSR
- Open the Key Database File (.kdb) using the IKEYMAN utility
- In the middle of the IKEYMAN GUI, there will be a section called "Key database content"
- Click on the "down arrow" to the right, to display a list of three choices
- Select "Personal Certificate Requests"
- From the Personal Certificate Requests section, click New
- Fill out the required information
- Key Label is the name used to identify the certificate in IKEYMAN
NOTE: Using the site name (for example, www.bbtest.net) as the label is a good practice.
- Key Size must be at least 2048 bits
NOTE: If the 2048 bit Key Size does not appear in the drop down list, refer to IBM Support
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.geotrust.com" or "geotrust.com".
NOTE: GeoTrust certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "geotrust.com" will produce a warning when used to access a site named "secure.geotrust.com".
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Enter the name of a file in which to store the certificate request
NOTE: Saving this file (.arm) in the same directory as the .kdb file is recommended
- Once the (.arm) file is saved, this completes the CSR generation process
- Verify your CSR
- Proceed with Enrollment
Once the SSL certificate has been issued, follow these steps for installation
For more information refer to IBM documentation
For more information on creating a key with the SHA algorithm, please click here
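One way to carry out the "Verify your CSR" step before enrollment, as an added example that is not GeoTrust or IBM code: the script checks the saved .arm file against the field rules listed in Step 2. It assumes the OpenSSL command-line tool is installed and that the .arm file is a PEM-encoded PKCS#10 request; the function names, the US-keyboard symbol list and the state-abbreviation heuristic are choices made for this example.

```shell
#!/bin/sh
# Added example (not GeoTrust or IBM code): pre-enrollment check of an IKEYMAN .arm file.

# field NAME: read `-nameopt multiline` subject text on stdin, print NAME's value.
field() { sed -n "s/^ *$1 *= //p" | head -n 1; }

# check_fields BITS SUBJECT: apply this page's field rules.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_fields() {
    bits=$1 subj=$2 rc=0
    cn=$(printf '%s\n' "$subj" | field commonName)
    org=$(printf '%s\n' "$subj" | field organizationName)
    st=$(printf '%s\n' "$subj" | field stateOrProvinceName)
    c=$(printf '%s\n' "$subj" | field countryName)

    # Key Size must be at least 2048 bits.
    [ "$bits" -ge 2048 ] 2>/dev/null || { echo "Key Size: '$bits' is below 2048 bits"; rc=1; }
    # Common Name is host + domain: dotted labels only, no scheme, port or path.
    printf '%s\n' "$cn" | grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' ||
        { echo "Common Name: '$cn' is not a host + domain name"; rc=1; }
    # Organization: no shift-key symbols (assumption: US keyboard layout).
    if printf '%s\n' "$org" | grep -Eq '[~!@#$%^&*()_+{}|:"<>?]'; then
        echo "Organization: '$org' contains a symbol; spell it out or omit it"; rc=1
    fi
    # Country is the two-letter code.
    printf '%s\n' "$c" | grep -Eq '^[A-Z]{2}$' ||
        { echo "Country: '$c' is not a two-letter code"; rc=1; }
    # State must be spelled out (heuristic: one or two characters is an abbreviation).
    [ "${#st}" -gt 2 ] || { echo "State: '$st' looks abbreviated"; rc=1; }
    return "$rc"
}

# check_csr FILE: verify the request's self-signature, then check its fields.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR: '$1' is unreadable or its signature does not verify"; return 1; }
    bits=$(openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    subj=$(openssl req -in "$1" -noout -subject -nameopt multiline)
    check_fields "$bits" "$subj"
}

# Usage: check_csr /path/to/certreq.arm
```

Source the file and run check_csr on the saved .arm file; a zero exit status with no output means none of the checks found a problem.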