Download and copy your certificate files to your server
Download your SSL certificate and support files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. Unzip the files and copy them into the directory where you will keep your certificates. Some files in the zip may or may not be used depending on your server type.
Starting and Using IKEYMAN
To start the IKEYMAN graphical user interface:
- On AIX, Linux, or Solaris,type
ikeyman on the command line.
- On Windows, go to the start UI and select Start Key Management Utility.
1. Install the GeoTrust Root and Intermediate CA Certificate(s)
- Start the IBM Key Management utility, IKEYMAN.
- Open the key database file that was used to create the certificate request.
- Enter the password, and then click OK.
- Select Signer Certificates and then click Add.
- Click Data type, and select a data type, such as Base64-encoded ASCII data. This data type must match the data type of the importing certificate.
- In the Key Management panel, go to the pull-down menu and select Signer Certificates.
- Browse to and select the file GeoTrust_Root.crt (if you get a message that this certificate has already been installed just continue).
- Now complete the previous steps again but this time for...
- GeoTrust_Intermediate_2.crt(label: GeoTrust Primary Certification Authority) (EV certs only)
- GeoTrust_Intermediate.crt (label: GeoTrust Extended Validation SSL CA) (for all cert products).
2. Install the SSL Server Certificate
- Start the iKeyman GUI using either the gsk7ikm command (UNIX) or the strmqikm command (Windows).
- Choose Open from the Key Database File menu. Click Key database type, and select CMS.
- Click Browse to navigate to the directory containing the key database files.
- Select the key database file to which you want to add the certificate. For example, key.kdb.
- Click Open.
- In the Password Prompt window, type the password you set when you created the key database and then click OK.
- Select the Personal Certificates view.
- Click Receive.
- In the Receive certificate from a file window, select the data type of the new SSL certificate. For example, Base64-encoded ASCII for a file with the .arm extension.
- Click Browse to select the SSL server certificate file your_domain_com.crt.
- Click OK.
To verify if your certificate is installed correctly, use our Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter
https://secure.mysite.com into your browser.
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
These instructions are derived from documentation on the IBM web site:
Disclaimer: GeoCerts has made efforts to ensure the accuracy and completeness of the information in this document. However, GeoCerts makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. GeoCerts assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, GeoCerts assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. GeoCerts reserves the right to make changes to any information herein without further notice.
Please contact our support team if you have any additional problems or questions.