Creating a chained personal certificate in SSL

A chained personal certificate is a personal certificate that is signed by another personal certificate. Chaining allows a certificate to be signed by a root certificate that has a long life span. Root certificates are stored in the DmgrDefaultRootStore or NodeDefaultRootStore. The server's default personal certificate is a chained certificate that is created when the profile is created. Chained certificates can also be created after profile creation.

Before you begin

You use the administrative console to create a chained personal certificate.

Procedure

  1. Click Security > SSL certificate and key management.
  2. Under Related Items, click Key stores and certificates.
  3. Click the <keystore name> to which you want to add the chained personal certificate.
  4. Under Additional Properties, click Personal certificates.
  5. Click the Create button and select Chained Certificate.
    The listCertificates AdminTask can be used to generate the list of root certificates available to sign the certificate.
  6. Fill in the following information in the General Properties section:
    • Supply an alias name.
    • Select Root certificate from the pull down list.
    • Key size
    • Common name
    • Validity period
    • Organization
    • Organization Unit
    • Locality
    • State/Province
    • Zip code
    • Country or region
    • [8.5.5.18 or later] Signature algorithm (optional)
    • [8.5.5.18 or later] Key usage (optional)
    • [8.5.5.18 or later] Extended key usage (optional)
    • [8.5.5.18 or later] Subject alternative name email (optional)
    • [8.5.5.18 or later] Subject alternative name DNS name (optional)
    • [8.5.5.18 or later] Subject alternative name IP address (optional)
  7. Click Apply then OK.

Results

The certificate is created, signed by the root certificate specified, and stored in the keystore. Once a chained personal certificate is created, the certificate can be used by the runtime for SSL communication.
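
The console procedure above can also be scripted through wsadmin, which makes the request repeatable and reviewable before it is applied. The following is an added example, not code from the original page or from the product: the keystore name, scope, aliases, subject values and the 2048-bit key size floor are assumptions chosen for illustration.

```python
# wsadmin Jython: run with  wsadmin -lang jython -f create_chained_cert.py
# All names and values passed at the bottom are constructed placeholders.

MIN_KEY_SIZE = 2048  # assumption: local policy floor, not a product default

def build_chained_cert_args(key_store, alias, common_name, root_alias,
                            key_size=2048, valid_days=365, scope=None,
                            organization=None, country=None):
    """Map the General Properties fields to createChainedCertificate options."""
    if int(key_size) < MIN_KEY_SIZE:
        raise ValueError("key size %s is below the policy minimum %s"
                         % (key_size, MIN_KEY_SIZE))
    if int(valid_days) < 1:
        raise ValueError("validity period must be at least 1 day")
    args = ["-keyStoreName", key_store,
            "-certificateAlias", alias,
            "-certificateCommonName", common_name,
            "-rootCertificateAlias", root_alias,
            "-certificateSize", str(key_size),
            "-certificateValidDays", str(valid_days)]
    # Optional fields are sent only when a value was supplied.
    optional = [("-keyStoreScope", scope),
                ("-certificateOrganization", organization),
                ("-certificateCountry", country)]
    for flag, value in optional:
        if value:
            args.extend([flag, value])
    return args

def create_chained_cert(admin_task, admin_config, **fields):
    """Create the certificate, save the configuration, return the options used."""
    args = build_chained_cert_args(**fields)
    admin_task.createChainedCertificate(args)
    admin_config.save()  # save the configuration changes
    return args

try:
    AdminTask  # this name exists only inside a wsadmin session
except NameError:
    pass
else:
    create_chained_cert(AdminTask, AdminConfig,
                        key_store="NodeDefaultKeyStore",
                        scope="(cell):myCell:(node):myNode",
                        alias="app1_chained", root_alias="root",
                        common_name="app1.example.com",
                        organization="Example Org", country="US")
```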