How to Create a Self-Signed Certificate with openssl

Troubleshooting

Problem

This document describes how to create a certificate in PASE OpenSSL.

Resolving The Problem

Openssl is an open source utility that comes shipped with 5733SC1 Option 1 OpenSSH, OpenSSL, zlib and can be used in the PASE environment to be a key management store.

To generate a self-signed certificate on the IBM i using OpenSSL, you should follow the steps below:

Step 1: Enter the PASE environment by issuing the command CALL QP2TERM

Step 2: Generate a private key with the command openssl genrsa -des3 -out server.key 1024
Screen shot of private key being generated with openssl.

Step 3: Generate a Certificate Signing Request with the command openssl req -new -key server.key -out server.csr
Screen shot of certificate signing request being generated with openssl.

Certificate signing request output continued.

Step 4: Remove Passphrase from Key with the command cp server.key server.key.org followed by openssl rsa -in server.key.org -out server.key
Screen shot of the passphrase being removed from the private key.

Step 5: Generate the Self-Signed Certificate with the command openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The last optional command is to convert the certificate to a PKCS12 format with the command openssl pkcs12 -export -out exported.pfx -inkey server.key -in server.crt
Screen shot of the Self-Signed certificate being generated with the openssl x509 command.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0"}]

Historical Number

587068437

Was this topic helpful?

Document Information

More support for:
IBM i

Software version:
6.1.0

Operating system(s):
IBM i

Document number:
685735

Modified date:
18 December 2019

UID

nas8N1011770

IBM Support

Tips