To acquire a digital certificate, generate a request using
Key Manager and submit the request to a CA. The request file you generate
is in the PKCS#10 format. The CA then verifies your identity and
sends you a digital certificate.
To request a digital certificate, use the following procedure:
- Unless you are already using Key Manager, start the tool
by typing:
- From the main screen, select Open from the Key Database File list.
- Highlight the /etc/security/ikekey.kdb key database file from which you want to generate the request and
click Open.
- Enter the password and click OK.
After your password is accepted, you are returned to the IBM® Key Management screen.
The title bar shows the name of the key database file you selected,
indicating that the file is now open and ready to be edited.
- Select .
- Click New.
- From the following screen, enter a Key Label for the self-signed digital certificate, such as:
- Enter a common name (the default is
the host name) and organization, and then select
a country. For the remaining fields, either accept
the default values, or choose new values.
- Define the subject alternate name. The optional fields associated
with the subject alternate name are e-mail address, IP address, and DNS name.
For a tunnel ID type of IP address, type the same IP address that is
configured in the IKE tunnel into the IP address field. For a tunnel ID
type of user@FQDN, complete the e-mail address field.
For a tunnel ID type of FQDN, type a fully qualified domain name
(for example, hostname.companyname.com) in the DNS name
field.
- At the bottom of the screen, enter a name for the file,
such as:
- Click OK. A confirmation screen
is displayed, verifying that you have created a request for a new
digital certificate.
- Click OK. You are returned to the IBM Key Management screen.
The Personal Certificate Requests field now shows the key label
of the new digital certificate request (PKCS#10) created.
- Send the file to a CA to request a new digital certificate.
You can either perform other tasks or exit the tool.
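
The following is an added example, not part of the IBM documentation: before the request file is sent to the CA, it checks that the PKCS#10 request carries the subject alternative name entry that matches the IKE tunnel ID type. It assumes OpenSSL 1.1.1 or later is installed and that the request file is PEM-encoded; the function names, file names, and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code). Assumes OpenSSL 1.1.1+ and a PEM-encoded request.

# Map an IKE tunnel ID type to the SAN label that `openssl req -text` prints.
san_label() {
    case "$1" in
        ip)        echo "IP Address" ;;   # IP address field
        user_fqdn) echo "email" ;;        # e-mail address field
        fqdn)      echo "DNS" ;;          # DNS name field
        *)         return 1 ;;
    esac
}

# check_request FILE ID_TYPE ID_VALUE
# Returns 0 only if the request holds a SAN entry equal to the tunnel ID.
check_request() {
    label=$(san_label "$2") || { echo "unknown ID type: $2" >&2; return 2; }
    # Take the line after the SAN header and split it into one entry per line.
    sans=$(openssl req -in "$1" -noout -text 2>/dev/null |
           awk '/Subject Alternative Name/ { getline; print; exit }' |
           tr ',' '\n' | sed 's/^ *//; s/ *$//')
    [ -n "$sans" ] || { echo "no subject alternative name in $1" >&2; return 1; }
    printf '%s\n' "$sans" | grep -qxF "$label:$3"
}

# Build a constructed sample request so the check can be tried offline.
# $1 = output file, $2 = subjectAltName value in OpenSSL syntax.
make_sample_request() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=hostname.companyname.com/O=Example/C=US" \
        -addext "subjectAltName=$2" 2>/dev/null
}

# Demo on a constructed request (192.0.2.10 is a documentation address).
tmp=$(mktemp -d)
make_sample_request "$tmp/req.pem" "IP:192.0.2.10"
check_request "$tmp/req.pem" ip 192.0.2.10 && echo "SAN matches tunnel ID"
rm -rf "$tmp"
```

A nonzero return from `check_request` means the request should be regenerated with the correct subject alternate name field before it is submitted.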