You can create a self-signed certificate. WebSphere® Application Server uses the certificate at runtime
during the handshake protocol. Self-signed certificates are located in the default
keystore.
Before you begin
You must create a keystore before you can create a self-signed certificate.
Alternative Method: To create a self-signed certificate by using the wsadmin
tool, use the createSelfSignedCertificate command of the AdminTask object. For more
information, see the PersonalCertificateCommands command group for the AdminTask object
article.
Avoid trouble: Certificate aliases with embedded quotes in them can
cause issues when the runtime attempts to use them. Do not use embedded quotes in a certificate
alias.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security
configurations > {Inbound | Outbound} >
ssl_configuration > Key stores and certificates > [keystore].
- From Additional Properties, click Personal certificates.
- Click Create a self-signed certificate.
- Type a certificate alias name.
The alias identifies the certificate request in
the keystore.
- Type a common name (CN) value.
This value is the CN value in the certificate
distinguished name (DN).
- Type the validity period.
The default validity period value is 365
days.
- You can configure one or more of the following optional values:
- Select a key size value. The default key size value is 2048 bits.
- Type an organization value. This value is the O value in the certificate DN.
- Type an organizational unit value. This organizational unit value is the OU value in the
certificate DN.
- Type a locality value. This locality value is the L value in the certificate DN.
- Type a state or province value. This value is the ST value in the certificate DN.
- Type a zip code value. This zip code value is the POSTALCODE value in the certificate
DN.
- Select a country value from the list. This country value is the C= value in the certificate
request DN.
- Select a signature algorithm. The default is RSAwithSHA256.
- Select one or more key usages for the certificate. By default, none
are included.
- Select one or more extended key usages for the certificate. By
default, none are included.
- Type an email address to be part of the certificate subject
alternative name.
- Type a DNS name to be part of the certificate subject alternative
name.
- Type an IP address to be part of the certificate subject alternative
name.
- Click Apply.
Results
You have created a self-signed certificate that resides in the keystore. The SSL
configuration for the WebSphere Application Server runtime uses this certificate for SSL communication. Extract the
signer of the self-signed certificate to add the signer to another keystore.
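The wsadmin alternative mentioned under "Before you begin" can be scripted in Jython. The sketch below is an added example, not code from the product documentation: it maps the console fields to createSelfSignedCertificate parameters from the PersonalCertificateCommands group, applies the defaults stated above (365 days, 2048 bits), and rejects aliases with embedded quotes. The function names are hypothetical, and the keystore name, alias and CN are supplied by the caller.

```python
# Added example: wsadmin (Jython) counterpart of the console procedure.
# build_self_signed_args and create_self_signed are hypothetical helper names.

def build_self_signed_args(key_store, alias, common_name,
                           valid_days=365, key_size=2048, dn=None):
    """Return the argument list for AdminTask.createSelfSignedCertificate."""
    # Embedded quotes in an alias cause problems when the runtime uses it.
    if not alias or '"' in alias or "'" in alias:
        raise ValueError("alias must be non-empty and contain no quotes")
    if not common_name:
        raise ValueError("a common name (CN) is required")
    if int(valid_days) < 1:
        raise ValueError("validity period must be at least 1 day")
    args = ['-keyStoreName', key_store,
            '-certificateAlias', alias,
            '-certificateCommonName', common_name,
            '-certificateValidDays', str(valid_days),
            '-certificateSize', str(key_size)]
    # Optional DN fields, keyed by the DN attribute named in the procedure.
    optional = [('O', '-certificateOrganization'),
                ('OU', '-certificateOrganizationalUnit'),
                ('L', '-certificateLocality'),
                ('ST', '-certificateState'),
                ('POSTALCODE', '-certificateZip'),
                ('C', '-certificateCountry')]
    dn = dn or {}
    known = [pair[0] for pair in optional]
    unknown = [key for key in dn.keys() if key not in known]
    if unknown:
        raise ValueError("unsupported DN attribute(s): " + ", ".join(unknown))
    for attr, flag in optional:
        if dn.get(attr):
            args.extend([flag, dn[attr]])
    return args


def create_self_signed(key_store, alias, common_name, **kw):
    """Call only inside wsadmin -lang jython, where AdminTask exists."""
    args = build_self_signed_args(key_store, alias, common_name, **kw)
    AdminTask.createSelfSignedCertificate(args)  # object provided by wsadmin
    AdminConfig.save()                           # persist the configuration
    return args
```

Passing the arguments as a list avoids quoting problems for values that contain spaces, such as an organization name.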