Issuing a certificate request for a cluster

Create a personal certificate request to obtain a certificate that is signed by a certificate authority.

Before you begin

The keystore that will contain the personal certificate request must already exist on the WebSphere® Application Server. In a cluster deployment, the keystore is the STGWKS.p12 keystore, which was created in the procedure "Creating a new keystore."

About this task

For additional information about default paths, see Directory conventions.

Procedure

  1. Log in to the Integrated Solutions Console.
  2. Click Security > SSL certificate and key management > Related items > Key stores and certificates > STGWKS.
  3. In the "Additional Properties" section, click Personal certificate requests.
  4. Click New.
  5. In the File for certificate request field, type the full path where the certificate request is to be stored, plus a file name.

    For example: c:\servercertreq.arm (on Microsoft™ Windows™).

  6. Type an alias name in the Key label field.

    The alias is the name you use to identify the certificate request in the keystore.

    For example: stgwcertificate

  7. Type a common name (CN) value.

    The CN must be your externally visible DNS address, the one to which the external community (AOL, for example) opens a TCP connection. The CN value does not have to be identical to any of the email domains associated with your community.

    Decide on the CN value in advance, primarily by consulting your network administrator.

  8. Type an organization name in the Organization field.

    This value is the "organization" value in the certificate's distinguished name.

  9. In the Organization unit field, type the "organization unit" portion of the distinguished name.
  10. In the Locality field, type the "locality" portion of the distinguished name.
  11. In the State or Province field, type the "state" portion of the distinguished name.
  12. In the Zip Code field, type the "zip code" portion of the distinguished name.
  13. In the Country or region drop-down list, select the two-letter "country code" portion of the distinguished name.
  14. Click Apply and Save.

    The certificate request is created in the specified file location in the keystore. The request functions as a temporary placeholder for the signed certificate until you manually receive the certificate in the keystore.

    Note: Key store tools (such as iKeyman and keyTool) cannot receive signed certificates that are generated by certificate requests from WebSphere Application Server. Similarly, WebSphere Application Server cannot accept certificates that are generated by certificate requests from other keystore utilities.
  15. Send the certificate request (.arm) file to a certificate authority for signing.
  16. Stop the Sametime® Gateway Server.
  17. Make a backup copy of your keystore file. Make this backup before receiving the CA-signed certificate into the keystore. The default password for the keystore is WebAS. The Integrated Solutions Console has the path information for the keystore's location.

    The path to the STGWKS keystore is listed in the Integrated Solutions Console as:

    profile_root\config\STGWKS.p12
  18. Start the Sametime Gateway Server.
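
Before sending the request file to the certificate authority (step 15), you can confirm that it carries the CN chosen in step 7 and that the file is intact. The shell functions below are an added example, not part of the original procedure or of any IBM tooling; they assume the OpenSSL command-line tool is installed, that the .arm file is a PEM-encoded PKCS#10 request, and that the key is RSA. The 2048-bit minimum and the host name gateway.example.com are assumed values.

```shell
#!/bin/sh
# Added example: inspect a certificate request (.arm) before it goes to the CA.
# Assumptions: openssl CLI available; request is PEM-encoded PKCS#10; RSA key.

# Print the commonName from the request's subject DN.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Print the public key size in bits.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_csr FILE EXPECTED_CN [MIN_BITS]
# Returns 0 only if the request verifies, the CN matches, and the key is large enough.
check_csr() {
    file=$1; want_cn=$2; min_bits=${3:-2048}   # 2048 is an assumed policy floor
    [ -r "$file" ] || { echo "FAIL: cannot read $file" >&2; return 1; }

    # The self-signature shows the file was not truncated or altered after it
    # was written. Some OpenSSL releases exit 0 even when verification fails,
    # so match the "verify OK" text rather than trusting the exit code.
    if ! openssl req -in "$file" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: request self-signature does not verify" >&2; return 1
    fi

    # The CN must be the externally visible DNS name agreed on in step 7.
    got_cn=$(csr_cn "$file")
    if [ "$got_cn" != "$want_cn" ]; then
        echo "FAIL: CN is '$got_cn', expected '$want_cn'" >&2; return 1
    fi

    bits=$(csr_bits "$file")
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key size '${bits:-unknown}' is below $min_bits bits" >&2; return 1
    fi
    echo "OK: CN=$got_cn, ${bits}-bit key, self-signature verifies"
}

# Usage: sh check_csr.sh servercertreq.arm gateway.example.com
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```

The CN comparison is an exact string match, so pass the name with the same letter case that was typed into the console.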