Creating a new key pair and certificate request

To create a public-private key pair and certificate request, do the following:

  1. For Windows platforms, for example, enter the following command:
    java com.ibm.gsk.ikeyman.ikeycmd -certreq -create
    -db your_install_directory\bin\HODServerKeyDb.kdb
    -pw <password> -size <1024 | 512> -dn <distinguished_name>
    -file <filename> -label <label>
    where your_install_directory is your Host On-Demand installation directory.

    Note the following descriptions:

    • -size: key size in bits, either 512 or 1024
    • -label: label attached to the certificate or certificate request
    • -dn: X.500 distinguished name, entered as a quoted string. Only CN, O, and C are required. The available attributes are CN=common_name, O=organization, OU=organization_unit, L=location, ST=state/province, C=country. For example:
      "CN=weblinux.raleigh.ibm.com,O=ibm,OU=IBM HTTP Server,L=RTP,ST=NC,C=US"
    • -file: name of the file where the certificate request will be stored. By default, Host On-Demand uses the name certreq.arm, and the file should be stored in your_install_directory\bin (where your_install_directory is your Host On-Demand installation directory), the directory where HODServerKeyDb.kdb is located.
  2. Verify that the certificate request was successfully created.

    a. View the contents of the certificate request file you created.

    b. Make sure the key database recorded the certificate request:

    java com.ibm.gsk.ikeyman.ikeycmd -certreq -list
    -db <filename> -pw <password>

    The label that you just created should appear in the list.

  3. Send the newly created file to a certificate authority.
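
The following is an added example, not part of the Host On-Demand documentation or IBM's code. It checks a -dn string against the rules given above (CN, O, and C required, only the listed attributes) and confirms that a request file carries a PEM-armored DER body before it is sent to a certificate authority. The function names and the sample request are constructed for illustration; accepting both the "NEW CERTIFICATE REQUEST" and "CERTIFICATE REQUEST" armor labels is an assumption about what the file contains.

```python
import base64
import re

ALLOWED = {"CN", "O", "OU", "L", "ST", "C"}   # attributes listed for -dn
REQUIRED = {"CN", "O", "C"}                   # "Only CN, O, and C are required"

def check_dn(dn):
    """Return a list of problems found in a -dn string (empty list = OK)."""
    problems, seen = [], {}
    # Split on commas that are not backslash-escaped inside a value.
    for part in re.split(r"(?<!\\),", dn):
        key, sep, value = part.partition("=")
        key, value = key.strip().upper(), value.strip()
        if not sep or not value:
            problems.append(f"malformed component: {part!r}")
        elif key not in ALLOWED:
            problems.append(f"unexpected attribute: {key}")
        else:
            seen.setdefault(key, []).append(value)
    for key in sorted(REQUIRED - set(seen)):
        problems.append(f"missing required attribute: {key}")
    for country in seen.get("C", []):
        # X.520 countryName is a two-letter ISO 3166 code.
        if not re.fullmatch(r"[A-Za-z]{2}", country):
            problems.append(f"C must be a two-letter country code: {country!r}")
    return problems

PEM_RE = re.compile(
    r"-----BEGIN (NEW )?CERTIFICATE REQUEST-----\s+(.+?)\s+"
    r"-----END (NEW )?CERTIFICATE REQUEST-----", re.S)

def looks_like_request(text):
    """True if text has request armor and its body decodes to a DER SEQUENCE."""
    m = PEM_RE.search(text)
    if not m:
        return False
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return len(der) >= 2 and der[0] == 0x30   # 0x30 = DER SEQUENCE tag

# Constructed sample: a tiny DER SEQUENCE in request armor, not a real request.
SAMPLE_REQUEST = ("-----BEGIN NEW CERTIFICATE REQUEST-----\n"
                  + base64.b64encode(b"\x30\x03\x02\x01\x00").decode() + "\n"
                  + "-----END NEW CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    print(check_dn("CN=host.example.com,OU=Ops,C=USA"))
    print(looks_like_request(SAMPLE_REQUEST))
```

The armor check only confirms that the file is shaped like a request; it does not verify the request's signature or key size.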