You can create a self-signed certificate. WebSphere® Application
Server uses the certificate at runtime during the handshake protocol.
Self-signed certificates are located in the default keystore.
Before you begin
You must create a keystore before you can create a self-signed
certificate.
Alternative Method: To create a self-signed certificate by using the wsadmin tool,
use the createSelfSignedCertificate command of the AdminTask object. For more
information, see the PersonalCertificateCommands command group for the AdminTask
object article.
Note: Certificate aliases with embedded quotes in them
can cause issues when the runtime attempts to use them. Do not use
embedded quotes in a certificate alias.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management >
Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration >
Key stores and certificates > [keystore].
- From Additional Properties, click Personal certificates.
- Click Create a self-signed certificate.
- Type a certificate alias name.
The alias identifies the certificate request in the keystore.
- Type a common name (CN) value.
This value is the CN value in the certificate distinguished name (DN).
- Type the validity period.
The default validity period value is 365 days.
- You can configure one or more of the following optional values:
- Select a key size value. The default key size value is 2048 bits.
- Type an organization value. This value is the O value in the certificate DN.
- Type an organizational unit value. This organizational unit value is the OU value in the
certificate DN.
- Type a locality value. This locality value is the L value in the certificate DN.
- Type a state or province value. This value is the ST value in the certificate DN.
- Type a zip code value. This zip code value is the POSTALCODE value in the certificate
DN.
- Select a country value from the list. This country value is the C= value in the certificate
request DN.
- Select a signature algorithm. The default is RSAwithSHA256.
- Select one or more key usages for the certificate. By default, none
are included.
- Select one or more extended key usages for the certificate. By
default, none are included.
- Type an email address to be part of the certificate subject
alternative name.
- Type a DNS name to be part of the certificate subject alternative
name.
- Type an IP address to be part of the certificate subject alternative
name.
- Click Apply.
Results
You have created a self-signed certificate that resides in
the keystore. The SSL configuration for the WebSphere Application
Server runtime uses this certificate for SSL communication. Extract
the signer of the self-signed certificate to add the signer to another
keystore.
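Example
The wsadmin alternative mentioned above, as an added Jython example that is not taken from the product documentation: it builds the argument list for AdminTask.createSelfSignedCertificate from the same fields the console asks for and rejects an alias that contains quotes. The keystore name SampleKeyStore, the alias, and the DN values are constructed samples, and -keyStoreScope is left at its default.

```python
# Added example for wsadmin (-lang jython); not IBM's code.
# Keystore name, alias and DN values used here are constructed samples.

# Console DN field -> createSelfSignedCertificate parameter.
DN_PARAMS = [
    ("O", "-certificateOrganization"),
    ("OU", "-certificateOrganizationalUnit"),
    ("L", "-certificateLocality"),
    ("ST", "-certificateState"),
    ("POSTALCODE", "-certificateZip"),
    ("C", "-certificateCountry"),
]

def build_self_signed_args(key_store, alias, common_name,
                           valid_days=365, key_size=2048, dn=None):
    """Return the Jython-list argument for createSelfSignedCertificate."""
    # Embedded quotes in an alias cause problems when the runtime uses it.
    if not alias or '"' in alias or "'" in alias:
        raise ValueError("alias must be non-empty and contain no quotes")
    if not common_name:
        raise ValueError("a common name (CN) is required")
    if int(valid_days) < 1:
        raise ValueError("validity period must be at least 1 day")
    dn = dn or {}
    known = [field for field, param in DN_PARAMS]
    for field in dn.keys():
        if field not in known:
            raise ValueError("unsupported DN field: %s" % field)
    args = [
        "-keyStoreName", key_store,
        "-certificateAlias", alias,
        "-certificateVersion", "3",          # X.509 v3
        "-certificateSize", str(key_size),   # page default: 2048 bits
        "-certificateCommonName", common_name,
        "-certificateValidDays", str(int(valid_days)),  # page default: 365
    ]
    for field, param in DN_PARAMS:
        if dn.get(field):
            args.extend([param, dn[field]])
    return args

# AdminTask and AdminConfig exist only inside wsadmin; skip the call elsewhere.
if "AdminTask" in globals():
    AdminTask.createSelfSignedCertificate(build_self_signed_args(
        "SampleKeyStore", "sample_selfsigned", "host.example.com",
        dn={"O": "Example Org", "C": "US"}))
    AdminConfig.save()  # persist the change to the configuration repository
```

Run it with wsadmin -lang jython -f against the deployment manager or server that owns the keystore.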