Complete this task if you want to have a certificate signed.
Certificates that are trusted by a certificate authority are more
easily accepted by client browsers and provide a better overall user
experience. To have a certificate signed, you start with an existing
self-signed certificate, generate a request, and send the request
to the CA. You then import the signed certificate into the application
server keystore.
Procedure
- Create a certificate request from the Liberty profile SSL
keystore:
cd IS_install_path/wlp/usr/servers/iis/resources/security
IS_install_path/jdk/bin/keytool -certreq -alias key_alias -storetype PKCS12
-storepass key_password -keystore ./iis-server-keystore.p12 -file certreq.req -v
Where:
- key_alias
- The alias of the key. If you are using the one generated by the
installation program, the alias is
iisSSL
.
- key_password
- The default password is
iiskeypass
, unless you
changed it during installation or after updating the key and certificate.
This command creates a file called certreq.req.
Send that file through your organization's channels to have it signed
by a trusted CA or, if your organization has a signing certificate,
have it signed internally.
- When you have received the signed certificate, import it
into the Liberty profile SSL keystore. (The ⇒ character indicates
a line continuation.)
cd IS_install_path/wlp/usr/servers/iis/resources/security
IS_install_path/jdk/bin/keytool -importcert -alias key_alias -storetype ⇒
PKCS12 -storepass key_password -keystore ./iis-server-keystore.p12 -file ⇒
signed_certificate_file
Use the same
values as the first step for the key_alias and key_password.
- Restart the application server: