Page History

...

Note the location and file name of the certificate request. Change the default name, or you may end up overwriting previous other certificate requests. In this example it would be C:\opt\IBMIHS\keys\www.krypton.com-.2012-03-13.certificate_request.arm.

Click OK.

Upon success you will see the following message,

You There will now see your be a certificate request as an item in the Key database content section.You can now exit iKeyman

Exit iKeyman which will also auto-save your changes.

Verify CSR

...

Backup Private Key

Backup all key related files. In this example, C:\opt\IBMIHS\keys\krypton.* should be copied.

Submit CSR

Send the arm file to your Certificate Authority.

Warning About the IBM Key Management Utility

At this stage you have generated a CRS which in turn generated a Private Key stored in your key database file krypton.kdb.

...

Import Private Key

The Certificate Authority will provide a signed certificate file which will be imported into your kdb file.

Backup Your Files (Again!)

The Key Management Utility saves to the Key Database File arbitrary depending on your action and saves things across multiple files. Backup your files before proceeding.

I have personally have had to recreate certificates from scratch due to improper backups.

Import Private Key

...

If your files become corrupt, the entire process will need to be restarted.

Rename CA Provided Certificates

The signed certificate will often be in a plain txt file. Rename the file to C:\opt\IBMIHS\keys\www.krypton.com.2012-03-14.signed_certificate.arm

The date included in the file name should reference when the certificates were received.

References

Has good steps and pictures - http://www-01.ibm.com/support/docview.wss?uid=swg21006430