Generate CSR: IBM HTTP Server
Follow these instructions to generate a Private Key and CSR.
Before You Begin
To work with certificates on your IBM server, IBM provides a tool called IBM
Key Management Utility (IKEYMAN). IKEYMAN is used to create key databases,
public-private key pairs, and certificate requests. Before you can use IKEYMAN,
you have to set up your system environment to run it.
Set up your System Environment to run IKEYMAN
- Set the home where the JDK is installed:
export JAVA_HOME=<full path name of the JDK home directory>
- The minimum JDK level for IKEYMAN support: On AIX: 1.1.6+ or 1.1.8,
On WIN32: 1.1.8, On HP, SUN and Linux: 1.1.7
- If you want the ability to run IKEYMAN from any directory, add the
path where IKEYMAN is installed to your PATH environment variable:
export PATH=$IKEYMAN_HOME/bin:$PATH
Starting and Using IKEYMAN
To start the IKEYMAN graphical user interface:
- On AIX, Linux, or Solaris, type ikeyman on the command line.
- On Windows, go to the start UI and select Start Key Management
Utility.
Creating a New Key Database
Before you can start working with certificates, keys, and requests you’ve
got to create a new key database. A key database is a file that the
server uses to store one or more key pairs and certificates.
You can use one key database for all your key pairs and certificates
or create multiple databases.
To create a new key database:
- Enter ikeyman on a command line on Unix or start the Key
Management utility in the IBM HTTP Server folder on Windows.
- Select Key Database File from the main UI, then select New.
- In the New dialog box, enter your key database name or click key.kdb
if you are using the default. Click OK.
- In the Password Prompt dialog box, enter your correct password.
Click OK.
Creating a new Key Pair and Certificate Signing Request (CSR)
Key pairs and certificate requests are stored in a key database. To create
a public-private key pair and certificate request:
- If you have not created the key database, see Creating a new key database above for instructions.
- Enter ikeyman on a command line on Unix or start the Key
Management utility in the IBM HTTP Server folder on Windows.
- Select Key Database File from the main UI, then select Open.
- In the Open dialog box, enter your key database name or click on key.kdb
if you are using the default. Click OK.
- In the Password Prompt dialog box, enter your correct password and
click OK.
- Select Create from the main UI, then select New
Certificate Request.
- In the New Key and Certificate Request dialog box, enter:
- Key Label: Enter a descriptive comment that is used to identify the key and certificate in the database.
- Keysize (1024 is recommended)
- You will be asked for several pieces of info which will be used by GeoTrust to create
your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization,
country, key bit length, etc. Use the CSR Legend in the right-hand column of this page
to guide you when asked for this information. The following characters should not
be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
- Click OK.
- In the Information dialog box, click OK. You will be reminded to send
the file to a certificate authority.
- Save a copy of your CSR. The CSR will be needed during the online order
process. You'll be asked to copy-and-paste your CSR into a special CSR box.
Below is an example of what your CSR will look like. This
is an example only and cannot be used to generate your SSL certificate.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Additional Resources:
These instructions are derived from documentation on the IBM web site:
CSR Legend
When generating your CSR you will be asked to input
a few pieces of info. Below are some common fields with descriptions and examples.
(also see About the CSR)
Common Name (CN)
The fully-qualified-domain name for your certificate. Examples include...
- www.domain.com
- owa.domain.net
- secure.domain.ca
- *.domain.com (for wildcard SSL)
Organization (O)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated. Example: Georgia
Country (C)
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)
Email
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: user@example.com
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of at least 1024.
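A pre-submission check of CSR input against the legend above and the page's forbidden-character list, as an added example (not code from the original page, IBM or GeoTrust). The function names, the field keys, treating every legend field as required, and exempting Email from the `@` restriction are assumptions.

```python
import re

# Characters the page says must not be used in CSR input.
FORBIDDEN = set('<>~!@#$%^/\\()?,&')
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')
# Assumption: every field in the legend is treated as required.
REQUIRED = ('CN', 'O', 'OU', 'L', 'S', 'C', 'Email')

def check_common_name(cn):
    """Return problems with a Common Name; one leading '*.' is allowed."""
    host = cn[2:] if cn.startswith('*.') else cn
    labels = host.split('.')
    if len(labels) < 2:
        return ['CN: not a fully qualified domain name']
    return [f'CN: invalid label {lab!r}' for lab in labels if not LABEL.match(lab)]

def validate_csr_fields(fields, min_key_bits=1024):
    """Check CSR input against the legend; return a list of problems."""
    # 1024 is the page's stated minimum. The CA/Browser Forum rules for
    # publicly trusted certificates need RSA >= 2048: pass min_key_bits=2048.
    problems = []
    for name in REQUIRED:
        value = fields.get(name, '').strip()
        if not value:
            problems.append(f'{name}: missing')
            continue
        # Assumption: Email is exempt from the '@' restriction, since an
        # address cannot be written without it.
        banned = FORBIDDEN - {'@'} if name == 'Email' else FORBIDDEN
        bad = sorted(set(value) & banned)
        if bad:
            problems.append(f'{name}: forbidden character(s) {" ".join(bad)}')
    cn = fields.get('CN', '').strip()
    if cn:
        problems += check_common_name(cn)
    country = fields.get('C', '').strip()
    if country and not re.fullmatch(r'[A-Z]{2}', country):
        problems.append('C: must be a two-letter ISO country code')
    if fields.get('key_bits', 0) < min_key_bits:
        problems.append(f'key_bits: below {min_key_bits}')
    return problems

# Constructed sample input built from the legend's own example values.
SAMPLE = {'CN': '*.domain.com', 'O': 'Metro Realty LLC', 'OU': 'Sales',
          'L': 'Atlanta', 'S': 'Georgia', 'C': 'US',
          'Email': 'user@example.com', 'key_bits': 1024}
```

An organization name such as "Acme, Inc." is rejected because of the comma, which is a common reason for a CSR to be refused at order time.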