Creating a server certificate
You can specify the self-signed certificate to be used as server communication certificate. Alternatively, you can create requests for certificates and manually send the request to a certificate authority (CA) for signing.
About this task
For example, you can use certificates to secure the communication between IBM Security Guardium Key Lifecycle Manager and a tape library. The generated certificate
request files reside in the SKLM_HOME
directory. A sample
certificate request file: C:\Program
Files\IBM\WebSphere\AppServer\products\sklm\171029122037–sslcert001.csr.
Your role must have the permission to the configure action to create a TLS or KMIP certificate.
Before you begin, consider the following points:
- Whether you can use self-signed certificates during a phase in your project such as a test phase.
- The time interval that is needed to receive a CA-issued certificate after a request is sent. You must manually send a certificate request to the issuing authority.
- Whether your site requires partner certificates for use with business partners, vendors, or for disaster recovery purposes.
- The customary setting in days for a certificate validity interval.