Generating a private key and certificate request

Use the certTool option Generate private key and certificate request to generate a private key and a certificate request for secure communication between the adapter and IBM® Security Identity Governance and Intelligence.

About this task

A certificate signing request (CSR) is an unsigned certificate in a text file. When you submit the CSR to a Certificate Authority (CA), the CA signs it with the private key that corresponds to its CA certificate. When the certificate signing request is signed, it becomes a valid certificate. A CSR file contains information about the organization, such as the organization name and country, and the public key for its web server.

A CSR file looks similar to the following example:
-----BEGIN CERTIFICATE REQUEST-----
MIIB1jCCAT8CAQAwgZUxEjAQBgNVBAoTCWFjY2VzczM2MDEUMBIGA1UECxMLZW5n 
aW5lZXJpbmcxEDAOBgNVBAMTB250YWdlbnQxJDAiBgkqhkiG9w0BCQEWFW50YWdl
bnRAYWNjZXNzMzYwLmNvbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju 
aWExDzANBgNVBAcTBklydmluZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
mR6AcPnwf6hLLc72BmUkAwaXcebtxCoCnnTH9uc8VuMHPbIMAgjuC4s91hPrilG7 
UtlbOfy6X3R3kbeR8apRR9uLYrPIvQ1b4NK0whsytij6syCySaFQIB6V7RPBatFr
6XQ9hpsARdkGytZmGTgGTJ1hSS/jA6mbxpgmttz9HPECAwEAAaAAMA0GCSqGSIb3 
DQEBAgUAA4GBADxA1cDkvXhgZntHkwT9tCTqUNV9sim8N/U15HgMRh177jVaHJqb
N1Er46vQSsOOOk4z2i/XwOmFkNNTXRVl9TLZZ/D+9mGZcDobcO+lbAKlePwyufxK 
Xqdpu3d433H7xfJJSNYLYBFkrQJesITqKft0Q45gIjywIrbctVUCepL2
-----END CERTIFICATE REQUEST-----

Procedure

  1. At the Main menu of the certTool utility, type A. The following prompt is displayed:
    Enter values for certificate request (press enter to skip value) 
    ----------------------------------------------------------------
    Organization:
  2. At Organization, type your organization name and press Enter.
  3. At Organizational Unit, type the organizational unit and press Enter.
  4. At Agent Name, type the name of the adapter for which you are requesting a certificate and press Enter.
  5. At Email, type the email address of the contact person for this request and press Enter.
  6. At State, type the state that the adapter is in and press Enter.
    For example, type TX if the adapter is in Texas. Some certificate authorities do not accept two-letter abbreviations for states. In this case, type the full name of the state.
  7. At Country, type the country that the adapter is in and press Enter.
  8. At Locality, type the name of the city that the adapter is in and press Enter.
  9. At Accept these values, do one of the following actions and press Enter:
    • Type Y to accept the displayed values.
    • Type N and specify different values.

    The private key and certificate request are generated after the values are accepted.

  10. At Enter name of file to store PEM cert request, type the name of the file and press Enter. Specify the file that you want to use to store the values you specified in the previous steps.
  11. Press Enter to continue. The certificate request and input values are written to the file you specified. The file is copied to the adapter data directory and the Main menu is displayed again.

What to do next

You can now request a certificate from a trusted CA by sending the .pem file that you generated to a certificate authority vendor.
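
Before sending the file, you can read the request back and confirm that it carries the values you entered. The following Python script is an added example, not part of certTool or the IBM documentation: it decodes a PEM request with a small DER reader and reports the subject values, RSA key size and signature hash. The names `inspect_csr`, `items` and the lookup tables are chosen here for illustration, only RSA requests are handled, and the input is the sample request shown on this page.

```python
import base64, re

# Sample request shown earlier on this page, copied unchanged.
SAMPLE_CSR = """-----BEGIN CERTIFICATE REQUEST-----
MIIB1jCCAT8CAQAwgZUxEjAQBgNVBAoTCWFjY2VzczM2MDEUMBIGA1UECxMLZW5n
aW5lZXJpbmcxEDAOBgNVBAMTB250YWdlbnQxJDAiBgkqhkiG9w0BCQEWFW50YWdl
bnRAYWNjZXNzMzYwLmNvbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
aWExDzANBgNVBAcTBklydmluZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
mR6AcPnwf6hLLc72BmUkAwaXcebtxCoCnnTH9uc8VuMHPbIMAgjuC4s91hPrilG7
UtlbOfy6X3R3kbeR8apRR9uLYrPIvQ1b4NK0whsytij6syCySaFQIB6V7RPBatFr
6XQ9hpsARdkGytZmGTgGTJ1hSS/jA6mbxpgmttz9HPECAwEAAaAAMA0GCSqGSIb3
DQEBAgUAA4GBADxA1cDkvXhgZntHkwT9tCTqUNV9sim8N/U15HgMRh177jVaHJqb
N1Er46vQSsOOOk4z2i/XwOmFkNNTXRVl9TLZZ/D+9mGZcDobcO+lbAKlePwyufxK
Xqdpu3d433H7xfJJSNYLYBFkrQJesITqKft0Q45gIjywIrbctVUCepL2
-----END CERTIFICATE REQUEST-----"""
# DER bytes (hex) of the attribute OIDs behind the certTool prompts.
ATTRS = {"55040a": "O", "55040b": "OU", "550403": "CN", "550408": "ST",
         "550406": "C", "550407": "L", "2a864886f70d010901": "emailAddress"}
PKCS1 = "2a864886f70d0101"  # OID 1.2.840.113549.1.1; the next byte selects the algorithm
HASHES = {2: "md2", 4: "md5", 5: "sha1", 11: "sha256", 12: "sha384", 13: "sha512"}

def items(buf):
    """Yield the content of each DER element in buf (short and long length forms)."""
    pos = 0
    while pos < len(buf):
        length, pos = buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        yield buf[pos:pos + length]
        pos += length

def inspect_csr(pem):
    """Return subject fields, RSA key size and signature hash of a PEM request."""
    m = re.search(r"-+BEGIN CERTIFICATE REQUEST-+(.+?)-+END CERTIFICATE REQUEST-+", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate request found")
    info, sig_alg, _sig = items(*items(base64.b64decode(m.group(1))))
    _version, name, spki, *_attrs = items(info)
    atvs = [tuple(items(atv)) for rdn in items(name) for atv in items(rdn)]
    subject = {ATTRS.get(o.hex(), o.hex()): v.decode("latin-1") for o, v in atvs}
    key_alg, key_bits = items(spki)
    sig_oid = next(items(sig_alg)).hex()
    if next(items(key_alg)).hex() != PKCS1 + "01" or not sig_oid.startswith(PKCS1):
        raise ValueError("only RSA requests are handled here")
    modulus, _exponent = items(*items(key_bits[1:]))  # [1:] skips the unused-bits byte
    return {"subject": subject, "rsa_bits": int.from_bytes(modulus, "big").bit_length(),
            "sig_hash": HASHES.get(int(sig_oid[-2:], 16), sig_oid)}
```

For the sample request on this page, the script reports a 1024-bit RSA key and an MD2 signature hash. Compare what your own request reports against the minimum key size and hash algorithms that your CA accepts before you submit it.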