You can create a self-signed certificate. WebSphere® Application Server uses the certificate at runtime
during the handshake protocol. Self-signed certificates are located in the default
keystore.
Before you begin
You must create a keystore before you can create a self-signed certificate.
Alternative Method: To create a self-signed certificate by using the wsadmin
tool, use the createSelfSignedCertificate command of the AdminTask object. For more
information, see the PersonalCertificateCommands command group for the AdminTask object
article.
Avoid trouble: Certificate aliases with embedded quotes in them can
cause issues when the runtime attempts to use them. Do not use embedded quotes in a certificate
alias.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates > [keystore].
- From Additional Properties, click Personal certificates.
- Click Create a self-signed certificate.
- Type a certificate alias name.
The alias identifies the certificate request in
the keystore.
- Type a common name (CN) value.
This value is the CN value in the certificate
distinguished name (DN).
- Type the validity period.
The default validity period value is 365 days.
- You can configure one or more of the following optional values:
  - Select a key size value. The default key size value is 2048 bits.
  - Type an organization value. This value is the O value in the certificate DN.
  - Type an organizational unit value. This organizational unit value is the OU value in the certificate DN.
  - Type a locality value. This locality value is the L value in the certificate DN.
  - Type a state or province value. This value is the ST value in the certificate DN.
  - Type a zip code value. This zip code value is the POSTALCODE value in the certificate DN.
  - Select a country value from the list. This country value is the C= value in the certificate request DN.
  - Select a signature algorithm. The default is RSAwithSHA256.
  - Select one or more key usages for the certificate. By default, none are included.
  - Select one or more extended key usages for the certificate. By default, none are included.
  - Type an email address to be part of the certificate subject alternative name.
  - Type a DNS name to be part of the certificate subject alternative name.
  - Type an IP address to be part of the certificate subject alternative name.
- Click Apply.
Results
You have created a self-signed certificate that resides in the keystore. The SSL
configuration for the WebSphere Application Server runtime uses this certificate for SSL communication. Extract the
signer of the self-signed certificate to add the signer to another keystore.
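
The following added example (not IBM's code) builds the list-form arguments for the createSelfSignedCertificate command named under Alternative Method, applying the console defaults from the procedure and rejecting aliases with embedded quotes. The helper name build_cert_args, the keystore name, the scope string, and the certificate values are constructed placeholders, and the script assumes a wsadmin Jython level that accepts this syntax.

```python
# Added example: argument builder for AdminTask.createSelfSignedCertificate.
# Maps the optional console DN fields to the command's parameters.
OPTIONAL = {
    "organization": "-certificateOrganization",
    "organizational_unit": "-certificateOrganizationalUnit",
    "locality": "-certificateLocality",
    "state": "-certificateState",
    "zip_code": "-certificateZip",
    "country": "-certificateCountry",
}

def build_cert_args(keystore, scope, alias, common_name,
                    valid_days=365, key_size=2048, **optional):
    """Return the list-form argument vector (hypothetical helper)."""
    # Embedded quotes in an alias cause problems when the runtime uses it.
    if not alias or '"' in alias or "'" in alias:
        raise ValueError("alias must be non-empty and contain no quotes")
    if not common_name:
        raise ValueError("common name (CN) is required")
    if int(valid_days) < 1:
        raise ValueError("validity period must be at least 1 day")
    args = ["-keyStoreName", keystore, "-keyStoreScope", scope,
            "-certificateAlias", alias,
            "-certificateCommonName", common_name,
            "-certificateValidDays", str(int(valid_days)),
            "-certificateSize", str(int(key_size))]
    for field in sorted(optional):
        if field not in OPTIONAL:
            raise ValueError("unknown field: " + field)
        if optional[field]:
            # List form keeps values with spaces intact without extra quoting.
            args += [OPTIONAL[field], optional[field]]
    return args

# Constructed sample values; replace with your own cell, node and keystore.
SAMPLE = build_cert_args("NodeDefaultKeyStore", "(cell):myCell:(node):myNode",
                         "app-tls-2024", "app.example.com",
                         organization="Example Corp", country="US")

# AdminTask and AdminConfig exist only inside wsadmin (-lang jython).
if "AdminTask" in globals():
    AdminTask.createSelfSignedCertificate(SAMPLE)
    AdminConfig.save()
```

Run it with wsadmin in Jython mode; outside wsadmin the guarded block is skipped, so the arguments can be reviewed before any configuration change is made.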