Requesting a CA signed certificate

You can request a digital certificate from a certificate authority (CA). Because certificate authorities are public entities that issue certificates to identify other entities, CA-signed certificates provide a level of public trust. Therefore, this type of certificate is better suited for your production environment.

Before you begin

Note: If you have your own public key infrastructure (PKI), with your own internal certification authority, you can use your PKI instead of completing the following procedure.
Important: If you are creating a self-signed certificate, do not perform this procedure.

About this task

You must create a certificate-signing request (CSR) to request a digital certificate from a CA. To create a certificate-signing request from the management software command-line interface, complete the following steps:

Procedure

  1. Using a remote-access facility, such as Secure Shell (SSH), log in to the IBM® Flex System Manager management node to access the command-line interface (CLI). Log in using a user account with administrator privileges, such as USERID.
    Note: As an alternative to using the remote-access facility, you can use the web-based interface. Log in using a user account with administrator privileges, open the Certificate Key Store, and click the Create and Download CSR button.
  2. Use the mkcert command to create a certificate request, as shown in the following example. For more details about the command and its options, see mkcert.
    mkcert -r -l <cert_request_label> -d <distinguished_name> -s <size> -f <request_filename> -p <keystore_password>
    The CSR file is created in the specified location. You can send it to any trusted certificate authority to obtain the CA-signed certificate.
  3. Send the certificate-signing request file to the CA. See the CA website for specific instructions about requesting a new certificate. You can request either a test certificate or a production certificate from the CA. However, in a production environment, you must request a production certificate.
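
Before you send the request file in step 3, you can confirm that it carries the subject and key size you intended and that its self-signature verifies. The following script is an added example, not part of the product procedure or its documentation. It assumes OpenSSL on an administrator workstation and a PEM-encoded PKCS#10 request; the function names, the host name fsm.example.test, and the sample request it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a CSR before sending it to the CA.
# Assumption: the request file is PEM-encoded PKCS#10 and OpenSSL is installed.

# check_csr FILE EXPECTED_CN MIN_BITS
# Returns 0 only if the self-signature verifies, the subject contains
# EXPECTED_CN, and the public key is at least MIN_BITS long.
check_csr() {
    csr=$1; want_cn=$2; min_bits=$3

    # The CSR is signed with the private key that matches the public key
    # inside it. Match on the message text rather than the exit code alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || {
        echo "FAIL: self-signature does not verify" >&2; return 1; }

    subject=$(openssl req -in "$csr" -noout -subject 2>/dev/null)
    case $subject in
        *"$want_cn"*) ;;
        *) echo "FAIL: subject '$subject' lacks $want_cn" >&2; return 1 ;;
    esac

    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] || {
        echo "FAIL: key size '${bits:-unknown}' below $min_bits" >&2; return 1; }

    echo "OK: $subject, $bits-bit key"
}

# make_sample_csr FILE
# Constructed stand-in for the request file written by mkcert -f.
# The throwaway private key is written next to it as FILE.key.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/O=Example/CN=fsm.example.test" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/request.csr"
check_csr "$tmp/request.csr" fsm.example.test 2048
rm -rf "$tmp"
```

To check a real request, call check_csr with the path of the file you copied from the management node, the host name you placed in the distinguished name, and the key size you passed with -s.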

What to do next

Next, you must receive the CA signed certificate. Go to "Receiving a CA signed certificate."