Search Support
contact us

Let Us Make it Easy for You. Call 1-877-898-3290 for MyTime Support™. Learn More

Generating a Certificate Signing Request or CSR Topics

Article Rating: 2 / 5 Votes: 15

CSR for IBM® WebSphere Advanced Single Server Edition 4.0

Instructions for generating a CSR for IBM® WebSphere Advanced Single Server Edition 4.0

Before being able to enable SSL on WebSphere, you need to have your own certificate. This certificate can be a self-certificate for testing purpose but in any production case, you should have a certificate issued by a Trusted CA. The following steps describe how to get your own certificate.


Creating a keystore

A keystore is where your private key will be saved, in a secure way, and the certificate belongs to it. This keystore can be created either with the SUN keytool or with ikeyman a tool from IBM that is distributed with WebSphere Advanced Single Server Edition 4.0.


Starting ikeyman tool


The command to start it is:
Once it is started, the following screen appears:


Specifying a keystore

From the main application, you can either use an existing keystore or create a new one. In the example below we want to create a new keystore that will be used only by WebSphere.
In the IBM Key Management console, select the option Key Database File/New. A dialog box will appear:


The options are:




Key database type


File Name

The name of the keystore. In the example: .keystore


The location of the keystore. In the example: /usr/bin/java/Websphere/bin


Creating a certificate request

You first need to create a certificate request before getting your certificate. The certificate request is created in Create/New Certificate Request. A new dialog box will appear where you are asked to enter some information:



The options are:




Key Label

A name that identify the request in list screen. For instance, sitecert

Key Size

Use the default value of 1024

Common Name

This is the Fully Qualified Domain Name, this is what will be in the URL after (but not including) the 'http://' and before the next '/'.


The Organization name. Example: Network Solutions

Organization Unit

The Organizational Unit. Example: R&D


The locality of your organization. Example: Herndon


The province of your organization. Example: Virginia


The country of your organization. Example: US

Request file name

This is the name of the file where your CSR will be created.
In the example: /usr/bin/java/Websphere/bin/certreq.arm


Now click on OK to generate your request. When the request is created, a key pair is also generated (a private key only stored in the keystore and a public key stored in the certificate you receive). If the request is successfully created, a dialog should inform you about it:

You will need the contents of this file when applying for your certificate.