A.4 Managing Certificates

There are two kinds of certificates used by the Appliance: JVM certificates and Web Application certificates. The JVM certificates are for the IBM Java package that is bundled with the underlying SLES OS. The Web Application certificates are your standard server certificates for the Appliance.

The Appliance ships with a self-signed certificate that should be sufficient for the vast majority of deployments because the Appliance is usually deployed inside your firewall. If needed, you can generate a Certificate Signing Request to get your own certificate created and upload that certificate to the Appliance.

A.4.1 Creating a New Self-Signed Certificate

  1. On the Digital Certificates page > Key Store drop-down list, ensure that Web Application Certificates is selected.

  2. Click File > New Certificate (Key Pair), then specify the following information:

    Alias: Specify a name that you want to use to identify and manage this certificate.

    Validity (days): Specify how long you want the certificate to remain valid.

    Key Algorithm: Select either RSA or DSA.

    Key Size: Select the desired key size.

    Signature Algorithm: Select the desired signature algorithm.

    Common Name (CN): This must match the server name in the URL in order for browsers to accept the certificate for SSL communication.

    Organizational Unit (OU): (Optional) Small organization name, such as a department or division. For example, Purchasing.

    Organization (O): (Optional) Large organization name. For example, Micro Focus.

    City or Locality (L): (Optional) City name. For example, Provo.

    State or Province (ST): (Optional) State or province name. For example, Utah.

    Two-letter Country Code (C): (Optional) Two-letter country code. For example, US.

  3. Click OK to create the self-signed certificate.

A.4.2 Getting a Certificate Signed by a Certificate Authority

  1. On the Digital Certificates page > Key Store drop-down list, ensure that Web Application Certificates is selected. Select the self-signed certificate, then click File > Certificate Requests > Generate CSR.

  2. Send the CSR to a certificate authority (CA), such as Verisign, using whatever process they have defined.

    Usually, the CA takes your Certificate Signing Request (CSR) and generates an official certificate based on the information in the CSR. The CA then mails the new certificate and certificate chain back to you.

    IMPORTANT: The certificate needs to be in P12 (PKCS12) format in order for it to work for the Appliance.

  3. After you have received the certificate and certificate chain from the CA:

    1. Revisit the Digital Certificates page by clicking Digital Certificates from the appliance.

    2. Click File > Import > Trusted Certificate. Browse to the trusted certificate chain that you received from the CA, then click OK.

    3. Select the self-signed certificate, then click File > Certification Request > Import CA Reply.

    4. Browse to and upload the official certificate to be used to update the certificate information.

      On the Digital Certificates page, the name in the Issuer column for your certificate changes to the name of the CA that stamped your certificate.

  4. Activate the certificate, as described in Activating a Certificate.

A.4.3 Using an Existing Certificate and Key Pair

When you use an existing certificate and key pair, use a .P12 key pair format.

  1. On the Digital Certificates page, click File > Import > Trusted Certificate. Browse to and select your existing certificate, then click OK.

  2. Click File > Import > Trusted Certificate. Browse to your existing certificate chain for the certificate that you selected in Step 1, then click OK.

  3. Click File > Import > Key Pair, then browse to and select your P12 key pair file, specify your password if needed, then click OK.

    Because of a browser compatibility issue with HTML 5, the path to the certificate is sometimes shown as c:\fakepath. This does not adversely affect the import process.

  4. Continue with Activating a Certificate.
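
A .P12 key pair can be checked with the OpenSSL command line on a workstation before it is imported in Step 3. The script below is an added example, not part of the product documentation; the function names, the P12_PASS variable, the host name appliance.example.com and the sample bundle are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_p12 FILE EXPECTED_CN: returns 0 if the bundle passes every check.
# The password is read from $P12_PASS so it stays out of the process list.
check_p12() {
    p12=$1; want_cn=$2; rc=0
    tmp=$(mktemp -d) || return 1   # private directory for the extracted parts
    # 1. The password must open the bundle and yield the certificate and key.
    if openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys \
            -out "$tmp/cert.pem" 2>/dev/null &&
       openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
            -out "$tmp/key.pem" 2>/dev/null; then
        # 2. The private key must belong to the certificate.
        cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey)
        key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
        [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
            { echo "FAIL: private key does not match certificate"; rc=1; }
        # 3. The CN must equal the server name used in the Appliance URL.
        cn=$(openssl x509 -in "$tmp/cert.pem" -noout -subject -nameopt multiline |
             sed -n 's/^ *commonName *= //p')
        [ "$cn" = "$want_cn" ] ||
            { echo "FAIL: CN '$cn' does not match '$want_cn'"; rc=1; }
        # 4. The certificate must not already be expired.
        openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null ||
            { echo "FAIL: certificate has expired"; rc=1; }
    else
        echo "FAIL: cannot read $p12 (wrong password or not PKCS#12)"; rc=1
    fi
    rm -rf "$tmp"   # removes the decrypted copy of the key
    return $rc
}

# Constructed sample input: a throwaway key, self-signed certificate and bundle.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=appliance.example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name sample -passout env:P12_PASS -out "$1/sample.p12"
}

export P12_PASS='constructed-demo-password'
demo=$(mktemp -d)
make_sample_p12 "$demo" && check_p12 "$demo/sample.p12" appliance.example.com &&
    echo "OK: bundle passes pre-import checks"
rm -rf "$demo"
```

For a real bundle, set P12_PASS to its password and pass the server name from the Appliance URL as the second argument.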

A.4.4 Activating a Certificate

  1. On the Digital Certificates page, select the certificate that you want to make active, click Set as Active, then click Yes.

  2. Verify that the certificate and the certificate chain were created correctly by selecting the certificate and clicking View Info.