Certificate management in SSL

You can manage certificate operations that involve personal certificates, signer certificates, and personal certificate requests on the administrative console.

Types of certificates

WebSphere® Application Server uses the certificates that reside in keystores to establish trust for a Secure Sockets Layer (SSL) connection. Click Security > SSL certificate and key management > Manage endpoint security configurations > Inbound | Outbound > SSL_configuration_name > Key stores and certificates, then select an existing or create a new keystore. After selecting a keystore, and depending on the type of certificate you need, choose one of the following types of certificates under Related Items:
  • Personal certificate
  • Signer certificate
  • Certificate Authority (CA) certificates
  • Personal certificate request
Table 1. Certificate operations . The following table describes the certificate operations that you can perform on the administrative console
Types of certificates Functions Description
Personal certificates Create a self-signed certificate Creates a self-signed certificate and stores it in a keystore.
  List personal certificates Lists all the personal certificates in a keystore.
  Get information about a personal certificate Gets information about a personal certificate.
  Delete a personal certificate Deletes a personal certificate from a keystore.
  Import a certificate Imports a certificate from a keystore to a keystore.
  Export a certificate Exports a certificate from a keystore to another keystore.
  Extract a certificate Extracts the signer part of a personal certificate to a file.
  Exchange signer certificates Exchange signer part of a personal certificate between key store.
  Receive a certificate Reads a certificate that comes from a certificate authority (CA) into a keystore.
  Replace a certificate Replaces all occurrences of a personal certificate alias in the WebSphere Application Server configuration with another certificate. Also, replaces all occurrences of the personal certificates signer with the new personal certificate signer.
  Create a chained certificate Creates a chained certificate and stores it in a keystore.
  Renew a certificate Renews a certificate with a new public/private key pair and stores it in a keystore.
  Request a CA certificate Makes a request to a CA using a CA client to obtain a CA certificate.
Certificate authority (CA) certificates Create CA certificate Sends a certificate request to an external certificate authority (CA).
  Revoke CA certificate Sends a revocation request to an external certificate authority (CA).
Signer certificates Add a signer certificate Adds a signer certificate from a file to a keystore.
  List signer certificates Lists all the signer certificates in a keystore.
  Get information about a signer certificate Gets information about a signer certificate.
  Delete a signer certificate Deletes a signer certificate from a keystore.
  Extract a signer certificate Extracts a signer certificate from a keystore, and stores the certificate in a file.
  Retrieve a signer from a port Retrieves a signer certificate from a port, and stores it in a key store.
Certificate requests Create a certificate request Creates a certificate request that can be sent to a CA.
  List certificate requests Lists the certificate requests in a keystore.
  Get information about a certificate request Gets information about a certificate request.
  Delete a certificate request Deletes a certificate request from a keystore.
  Extract a certificate request Extracts a certificate request to a file.

Personal certificates

Table 2. Personal certificate operations . The following table lists the operations that you can perform on personal certificates, the AdminTask object that you can use to perform that operation, and how to navigate to the certificate on the console:
Function AdminTask object Administrative console
Create a self-signed certificate createSelfSignedCertificate Security > SSL certificate and key management > Key store and certificates > key store > Create a Self-Signed Certificate
List personal certificates listPersonalCertificates Security > SSL certificate and key management > Key store and certificates > key store > personal certificates
Get information about a personal certificate getPersonalCertificate Security > SSL certificate and key management > Key store and certificates > key store > personal certificates > alias
Delete a personal certificate deletePersonalCertificate Security > SSL certificate and key management > Key store and certificates > key store > personal certificates > delete
Import a certificate importCertificate Security > SSL certificate and key management > Key store and certificates > key store > personal certificates > import
Export a certificate exportCertificate Security > SSL certificate and key management > Key store and certificates > key store > personal certificates > export
Extract a certificate extractCertificate Security > SSL certificate and key management > Key store and certificates > key store > personal certificates > extract
Exchange signer certificates exchangeSignerCertificates Security > SSL certificate and key management > Key store and certificates > Exchange signers
Create a chained certificate createChainedCertificate Security > SSL certificate and key management > Key store and certificates > keystore name > Personal certificates. Click Create button and select Chained certificate
Renew a certificate renewChainedCertificate Security > SSL certificate and key management > Key store and certificates > keystore name > Personal certificates. Select a certificate. Click Renew button.
Create a chained Certificate createChainedCertificate Security > SSL certificate and key management > Key store and certificates > keystore > Create a chained certificate.
Request a CA certificate requestCACertificate Security > SSL certificate and key management > Key store and certificates > keystore > Request a CA certificate.

Certificate authority (CA) certificates

Table 3. CA certificate operations . The following table lists the operations that you can perform on CA certificates, the AdminTask object that you can use to perform that operation, and how to navigate to the certificate on the console:
Function AdminTask object Administrative console
Create a CA certificate createCACertificate Security > SSL certificate and key management > Key store and certificates > key store > Personal certificates > Create > CA-signed certificate
Revoke a CA certificate revokeCACertificate Security > SSL certificate and key management > Key store and certificates > key store > Personal certificates personal certificate > Revoke

Signer certificates

Table 4. Signer certificate operations . The following table lists the operations that you can perform with signer certificates, the AdminTask object that you can use to perform the operation, and how to navigate to the certificate on the console:
Function AdminTask object Administrative console
Add a signer certificate addSignerCertificate Security > SSL certificate and key management > Key store and certificates > key store > signer certificates > Add
List signer certificates listSignerCertificates Security > SSL certificate and key management > Key store and certificates > key store > signer certificates
Get information about a signer certificate getSignerCertificate Security > SSL certificate and key management > Key store and certificates > key store > signer certificates > alias
Delete a signer certificate deleteSignerCertificate Security > SSL certificate and key management > Key store and certificates > key store > signer certificate >delete
Extract a signer certificate to a file extractSignerCertificate Security > SSL certificate and key management > Key store and certificates > key store > signer certificates > extract
Retrieve a signer certificate from a port retrieveSignerFromPort Security > SSL certificate and key management > Key store and certificates > key store > signer certificates > retrieve from port

Personal certificate requests

Table 5. Personal certificate request operations . The following table lists the operations that you can perform on personal certificate requests, the AdminTask object that you can use to perform that operation, and how to navigate to the certificate request on the console:
Function AdminTask object Administrative console
Create a personal certificate request createCertificateRequest Security > SSL certificate and key management > Key store and certificates > key store > Personal certificate Requests > Add
List personal certificate requests listCertificateRequests Security > SSL certificate and key management > Key store and certificates > key store > Personal certificate requests
Get information about a personal certificate request getCertificateRequest Security > SSL certificate and key management > Key store and certificates > key store > Personal certificate requests > alias
Delete a personal certificate request deleteCertificateRequest Security > SSL certificate and key management > Key store and certificates > key store > Personal certificate requests > delete
Extract a personal certificate request to a file extractCertificateRequest Security > SSL certificate and key management > Key store and certificates > key store > Personal certificate requests > Extract