Creating a Certificate Signing Request

Start the key management utility:

If NT: click start button - IBM HTTP Server - Start Key Management Utility

If Unix: type ikmgui from command line.

Select Key Database File from the main menu, then select New.

Select Key Database type as CMS Key database file or keyring file. Enter your key database name or click key.kdb (or keyfile.kyr for keyring) if you are using the default in the new dialog box.

Type and confirm your password in the Password Prompt dialog box.

Warning: If you lose the password, you must purchase another certificate.

Select Key Database File from the main menu, then select Open.

Enter your key database name or click on key.kdb (keyfile.kyr for keyring) if you are using the default in the Open dialog box. Click Open.

Select Create from the main menu, then select New Certificate Request.

Enter a Key Label in the New Key and Certificate Request dialog box. Use a name/label that identifies the key and certificate in the database, for example: My Server Certificate.

***Note: Make a backup copy of your key.kdb or server.kyr file and store it in a safe place***

When creating a CSR you must follow these conventions. Complete the following Distinguished Name Field information.

The following characters are not accepted: < > ~ ! @ # $ % ^ * / \ ( ) ? &

Contact ipsCA
For further Information:
Email:

Phone:
+34 91 6402052

Distinguished Name Field	Explanation	Example
Country Name	The two-letter ISO abbreviation for your country	US = United States
State or Province Name	The state or province where your organization is located. It cannot be abbreviated.	Georgia
City or Locality	The city where your organization is located.	Atlanta
Organization Name	The exact legal name of your organization. Do not abbreviate	IPS S.L.
Organizational Unit	Optional for additional organization information	Marketing
Common Name (Server Host Name)	The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match.	If you intend to secure the URL https://secure.yourURL.com, then your CSR's Server Hostname must be secure.yourURL.com
Server Admin.'s email address	Your email address	abc@yourURL.com

Enter the certificate request file name, or default name certreq.arm

In the Information dialog box, click <OK>.

Submit your CSR to IPSCA.

Certificate installation

Installing a Server Digital Certificate on an IBM Server

This document explains how to install a Server Digital Certificate, and answers any question you might have.

Installing a Server Digital Certificate

Using IKEYMAN for Certificate Installation

ipsCA sent you your server Certificate.

After you receive your certificate, two other certificates will be necessary to setup your SSL Server, IPS SERVIDORES ROOT CERTIFICATE and the intermediate CA IPSCA CLASEA1. It is essential that these certificates are also installed on your webserver in order to establish correct SSL connections with your customer's browsers. Should they be required, you may download these certificates individually or collectively as a bundled file below:

IPSServidores.crt

IPSCACLASEA1.crt

Before installing the server certificate, install both of these certificates. Follow the instructions in 'Storing a CA certificate'.

Note: If the authority who issues the certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted CA. For instructions see 'Storing a CA certificate'.

Storing a CA Certificate:

Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.

Select Key Database File from the main User Interface, select Open.

In the Open dialog box, select your key database name. Click OK.

In the Password Prompt dialog box, enter your password and click OK.

Select Signer Certificates in the Key Database content frame, click the Add button.

In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.

In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.

Select Key Database File from the main User Interface, select Open.

In the Open dialog box, select your key database name. Click OK.

In the Password Prompt dialog box, enter your password, click OK.

Select Personal Certificates in the Key Database content frame and then click the Receive button.

In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."

return to the top

© 1995 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
can be found in our repository
Read our Privacy Policy and Terms of Use

facturacion electronica

SSL CERTIFICATEWILDCARD SSL CERTIFICATEWILDCARD SSL CERTIFICADOWILDCARD SSL CERTIFICATE

Creating a Certificate Signing Request

Explanation

Using IKEYMAN for Certificate Installation