Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure communications > Secure communications using SSL
Certificate management using iKeyman prior to SSL
Start in WAS Version 6.1, you can manage your certificates from the admin console. When using versions of WAS prior to v6.1, use iKeyman for certificate management. iKeyman is a key management utility.
WAS certificate management requires that you define the keystores in your WAS configuration. With iKeyman, you need access to the keystore file only. We can read a keystore file with personal certificates and signers that is created in iKeyman. A keystore file can be read into the WAS configuration by using the createKeyStore command.
The majority of certificate management functions are the same between WAS and iKeyman, especially for personal certificates and signer certificates. However, certificate requests are special. The underlying behavior is different in the two certificate management schemes. Because of the different behavior, when a certificate request is generated from iKeyman, the process must be completed in iKeyman. For example, a certificate that is generated by a certificate request that originated in iKeyman must be received in iKeyman as well.
The same is true for WAS. For example, when a certificate is generated from a certificate request that originated in WAS, the certificate must be received in WAS.
We can perform the following certificate operations using iKeyman:
Available certificate operations using iKeyman. This table describes the available certificate operations using iKeyman.
Types of certificates Functions Description Personal certificates Create a self-signed certificate Creates a self-signed certificate and stores it in a keystore. List personal certificates Lists all the personal certificates in a keystore. Get information about a personal certificate Gets information about a personal certificate. Delete a personal certificate Delete a personal certificate from a keystore. Import a certificate Imports a certificate from a keystore to a keystore. Export a certificate Exports a certificate from a keystore to another keystore. Extract a certificate Extracts the signer part of a personal certificate to a file. Receive a certificate Reads a certificate that comes from a certificate authority (CA) into a keystore. Signer certificates Add a signer certificate Add a signer certificate from a file to a keystore. List signer certificates Lists all the signer certificates in a keystore. Get information about a signer certificate Gets information about a signer certificate. Delete a signer certificate Delete a signer certificate from a keystore. Extract a signer certificate Extracts a signer certificate from a keystore, and stores the certificate in a file. Certificate requests Create a certificate request Creates a certificate request that can be sent to a CA. List certificate requests Lists the certificate requests in a keystore. Get information about a certificate request Gets information about a certificate request. Delete a certificate request Delete a certificate request from a keystore. Extract a certificate request Extracts a certificate request to a file.
Certificate management in SSL
Create a keystore configuration for a preexisting keystore file