Ask a Question

Advanced Search

Solution ID : SO2640

Last Modified : 05/02/2018

Generate a CSR for IBM ICSS


How to generate a csr on IBM ICSS


To generate a CSR for IBM ICSS follow the instructions below:

Thawte is not a default CA for IBM ICSS version 4.2.1, you need to install our root certificate before proceeding with your request. The root certificate contains the key that is used to verify the signatures on the certificates  we issue. It is the same root that is embedded in Navigator and MSIE.


Step 1: Embed our Root Certificate

  1. Download the Thawte root file in a Text file from the following link :
  2. Save it on your server hard drive.
  3. Go to the Administration interface of your web server.
  4. Underneath the "Security" configuration section of your server you will see a link called "Receive Certificate".
  5. You will need to specify your current keyring file and pass phrase, and ask it to install the root certificate that you saved on your hard drive.


Step 2:  Mark Thawte Root as a trusted Root

  1. Under "Security" again you will see a link called "Key Management".
  2. You will need to specify the key ring password.
  3. Select "Designate Trusted Root Keys".
  4. The Thawte root will be listed in X.400 format.
  5. Select it, then press Apply.
  6. The Thawte root is now a trusted CA for your server.


Step 3: Generate your own key and CSR

Note: A key length of 1024 bit is the default, but Thawte requires a minimum 2048 bit key.

  1. Go to the "Create Keys" link on the Admin page under "Security".
  2. Choose "Other" as your CA.
  3. On the next page, Do not give a Postal Code.
  4. Specify your country as the two-letter code in UPPER CASE.
  5. Give your full state name (ie. California)
  6. Don't mail the certificate  request to the CA, you are going to save it to a file instead.
  7. Make a note where you saved it (the default is C:\WWW\Bin\CertReq.txt).


That file is what you paste into our forms - it is your CSR.