Creating a certificate for Java IBM EMM components

Follow this procedure to create a certificate for Java™ IBM® EMM components.

About this task

IBM EMM web application components written in Java use the JSSE library. The Sun JDK includes a program called keytool that can create a certificate file. Consult the Java documentation for complete details on using this program, or run keytool with the -help option to display its built-in help.

Use the following procedure to create a self-signed certificate that you can use when configuring a Java IBM EMM component for SSL.

Procedure

  1. Run keytool at the command line.

    This program is included in the bin directory of the Sun Java JDK.

  2. Generate an identity keystore.

    The following example command creates a keystore named UnicaClientIdentity.jks.

    keytool -genkey -alias UnicaClientIdentity -keyalg RSA -keystore UnicaClientIdentity.jks -keypass clientPwd -validity 1000 -dname "CN=hostName, O=myCompany" -storepass clientPwd

    Note the following.

    • Make a note of the -storepass value (clientPwd in the example) because you need it when you configure the application server.

    • Make a note of the -alias value (UnicaClientIdentity in the example) because you need it for the rest of this procedure.

    • The common name (CN) in the distinguished name should be the same as the host name used to access IBM EMM. For example, if the URL for IBM EMM is https://hostName.companyDomain.com:7002/unica/jsp, then the CN should be hostName.companyDomain.com. The CN portion of the distinguished name is the only required portion; Organization (O) and Organizational Unit (OU) are not required.

    • For WebSphere® 6.0, the keystore password and key password must be the same.

  3. Generate a certificate based on the identity keystore you created.

    The following example command creates a certificate named UnicaCertificate.cer.

    keytool -export -keystore UnicaClientIdentity.jks -storepass clientPwd -alias UnicaClientIdentity -file UnicaCertificate.cer

    The value of -alias is the alias you set for the identity keystore (UnicaClientIdentity in the example).

  4. Generate a trusted keystore based on the certificate you created.

    The following example command creates a trusted keystore named UnicaTrust.jks.

    keytool -import -alias UnicaClientIdentity -file UnicaCertificate.cer -keystore UnicaTrust.jks -storepass trustPwd

    Note the following.

    • Type Y when prompted to trust the certificate.

    • The value of -alias is the alias you set for the identity keystore (UnicaClientIdentity in the example).

    • Make a note of the -storepass value (trustPwd in the example) because you need it when you configure the application server.
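
The following shell check is an added example, not part of the IBM procedure. Run after step 4, it confirms that UnicaTrust.jks holds the same certificate as UnicaClientIdentity.jks and that the certificate's CN matches the host name in the IBM EMM URL. The function names are illustrative, and the parsing assumes the "Owner:" and fingerprint lines that keytool -list -v prints.

```shell
#!/bin/sh
# Added example: post-procedure checks. Function names are illustrative.

# Print the CN from the "Owner:" line of `keytool -list -v` output on stdin.
cn_from_listing() {
    sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Print one fingerprint from a listing on stdin. The default is SHA256;
# pass SHA1 for older JDKs that do not print a SHA256 line.
fp_from_listing() {
    sed -n "s/^[[:space:]]*${1:-SHA256}:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p" | head -n 1
}

# Reduce a URL to its host name: drop the scheme, then the port and path.
host_from_url() {
    printf '%s\n' "$1" | sed -e 's|^[A-Za-z]*://||' -e 's|[/:].*||'
}

lower() { tr '[:upper:]' '[:lower:]'; }

# Compare two saved listings. Returns 0 when the trust store holds the same
# certificate as the identity store and the CN equals the host in the URL,
# 1 on a missing or mismatched fingerprint, 2 on a CN/host mismatch.
verify_listings() {   # identity_listing trust_listing url [alg]
    id_fp=$(fp_from_listing "${4:-SHA256}" < "$1")
    tr_fp=$(fp_from_listing "${4:-SHA256}" < "$2")
    if [ -z "$id_fp" ] || [ "$id_fp" != "$tr_fp" ]; then
        echo "fingerprint mismatch: '$id_fp' vs '$tr_fp'" >&2; return 1
    fi
    cn=$(cn_from_listing < "$1" | lower)
    host=$(host_from_url "$3" | lower)
    if [ "$cn" != "$host" ]; then
        echo "CN '$cn' does not match host '$host'" >&2; return 2
    fi
}

# Run the check against the keystores from the procedure. -storepass is left
# out, so keytool prompts for each password instead of taking it as an argument.
verify_keystores() {  # identity.jks trust.jks alias url [alg]
    d=$(mktemp -d) || return 3
    keytool -list -v -keystore "$1" -alias "$3" > "$d/id.txt" &&
    keytool -list -v -keystore "$2" -alias "$3" > "$d/trust.txt" &&
    verify_listings "$d/id.txt" "$d/trust.txt" "$4" "${5:-SHA256}"
    rc=$?; rm -rf "$d"; return $rc
}
```

With the names from the procedure, the call is verify_keystores UnicaClientIdentity.jks UnicaTrust.jks UnicaClientIdentity https://hostName.companyDomain.com:7002/unica/jsp; a return status of 0 means both checks passed.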