To generate the key and CSR for IBM HTTP server through IKEYMAN please follow the instructions below:
A Key Database File(.kdb) using IKEYMAN needs to be generated. Please follow these steps:
- Open the IKEYMAN Utility (From Windows NT click Start -> Programs -> IBM HTTP Server -> Start Key Management Utility
- From the Menu Bar select "Key Database File"
- Click on NEW
- File Name = (The name you want to give the new Key Database file you are creating)
- Location = (the location on the harddrive you wish to store the .kdb file)
Note: On NT this is usually the /IBM Http Server/ssl directory
- After Saving the file to the location specified you will be prompted to enter a password
Note: This is the password that will be used to open the .kdb file in IKEYMAN in the future
- Make sure to click the box that states "stash the password to a file?"
Note: This will encrypt the password and save the file as a .sth file in the same directory as the .kdb file.
- Once you click OK, you are done.
Generating the CSR
- Open the Key Database File(.kdb) using the IKEYMAN utility
- In the middle of the IKEYMAN GUI you will see a section called "Key database content"
- Click on the "down arrow" to the right to display a list of three choices
- Select "Personal Certificate Requests"
- Key Label = (The name you want to give the certificate to identify it in IKEYMAN)
Note: Using the SiteName (example: www.robo.com) as the label is a good practice
- Key Size = 2048
Note: A key length of 1024 bit is the default, but Thawte requires a minimum key of 2048 bit.
- Common Name = (SiteName, example: www.domain.com)
Note: This is the name that the Thawte will register, so it is important it matches the actual Site Name
- Organization = (Company Name)
- "Enter the name of a file in which to store the certificate request"
Note: This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what Thawte needs you to provide us.
- *Saving this file (.arm) in the same directory as the .kdb file is recommended.
- Once you save the file (.arm) you are done with creating the request.
For more information on using the Ikeyman please referr to this: