Creating a request for the certificate
As the first step of replacing the default SSL certificate, create a request for the certificate from the Certification Authority (CA) so that it can be sent to the CA.
Procedure
- In the navigation pane of the Tivoli Integrated Portal, click Settings > WebSphere Administrative Console, and click Launch WebSphere administrative console.
- Click Security > SSL certificate and key management.
- On the "SSL certificate and key management" page, click Key stores and certificates, then click NodeDefaultKeyStore.
- On the "NodeDefaultKeyStore" page, click Personal certificate requests and on the page that appears, click New.
- In File for certificate request enter
the path name for the file to hold the certificate request. Use the
following form:
tip_home_dir/profiles/TIPProfile/config/cells/TIPCell/nodes/request_file_name.p12
Replace request_file_name with a suitable name for the request. For example: ca-cert-request.
- Complete the fields in the "Certificate information" panel as follows:
- Key label
- Enter an alias name for the certificate request in the key store. Ensure it is unique among any other entries in the key store.
- Common name
- Enter the name of the entity that the certificate represents. For example the fully-qualified domain name where the Web GUI resides. For example: webgui.server.mycompany.com.
- Organization
- Enter the name of you organization to identify the organization part of the distinguished name. For example: My Company.
- Organizational unit
- Enter the name of the unit within the organization to identify the organizational unit part of the distinguished name. For example: Operations.
- Locality
- Enter the location of the organizational unit to identify the locality part of the distinguished name. For example: Armonk.
- State or province
- Enter the state or province of the locality to identify the state part of the distinguished name. For example: NY.
- Zip code
- Enter the zip or postal code of the locality to identify the zip code part of the distinguished name For example: 10504.
- Country
- Select the code for your country from the drop-down list to identify the country part of the distinguished name. For example: US.
- Click Apply.
- On the "SSL certificate and key management" page, click Back.
- Set the check box for the entry containing the new key label and click Extract.
- On the "Extract certificate request" page enter the path of the file to hold the certificate request
that you can send to the CA. Use the following form:
tip_home_dir/profiles/TIPProfile/config/cells/TIPCell/nodes/ca_request_file_name.p12
Replace ca_request_file_name with a suitable name for the request. For example: cert-request-to-send-to-CA.
- Click OK.