...
Note the location and file name of the certificate request. Change the default name, or you may end up overwriting previous other certificate requests. In this example it would be C:\opt\IBMIHS\keys\www.krypton.com-.2012-03-13.certificate_request.arm.
Click OK.
Upon success you will see the following message,
Panel |
---|
A new certificate reqweuest has been successfully created in the file: C:\opt\IBMIHS\keys\www.krypton.com.2012-03-13.certificate_request.arm. You must send Send the file to a certification authority to request a certificate. |
You There will now see your be a certificate request as an item in the Key database content section.You can now exit iKeyman
Note |
---|
Do not use click the save button. It actually makes things confusing as it really is a save as... button. |
Exit iKeyman which will also auto-save your changes.
Verify CSR
...
Backup Private Key
Backup all key related files. In this example, C:\opt\IBMIHS\keys\krypton.* should be copied.
Submit CSR
Send the arm file to your Certificate Authority.
Warning About the IBM Key Management Utility
At this stage you have generated a CRS which in turn generated a Private Key stored in your key database file krypton.kdb.
...
Import Private Key
The Certificate Authority will provide a signed certificate file which will be imported into your kdb file.
Backup Your Files (Again!)
The Key Management Utility saves to the Key Database File arbitrary depending on your action and saves things across multiple files. Backup your files before proceeding.
Warning |
---|
It is strongly recommended to Remember backup the complete set together. In this example that would be all files krypton.* and not just krypton.kdb. |
I have personally have had to recreate certificates from scratch due to improper backups.
Import Private Key
...
If your files become corrupt, the entire process will need to be restarted.
Rename CA Provided Certificates
The signed certificate will often be in a plain txt file. Rename the file to C:\opt\IBMIHS\keys\www.krypton.com.2012-03-14.signed_certificate.arm
The date included in the file name should reference when the certificates were received.
References
Has good steps and pictures - http://www-01.ibm.com/support/docview.wss?uid=swg21006430