Installing your Certificate on a IBM HTTP Server

Using IKEYMAN for Certificate Installation

Note: If the authority who issues the certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted CA. For instructions see 'Storing a CA certificate'.

Storing a CA Certificate:

• You will need to repeat this process for the AddTrustExternalCARoot.crt , UTNAddTrustServerCA.crt and PositiveSSLCA.crt (in this order)
• Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
• Select Key Database File from the main User Interface, select Open.
• In the Open dialog box, select your key database name. Click OK.
• In the Password Prompt dialog box, enter your password and click OK.
• Select Signer Certificates in the Key Database content frame, click the Add button.
• In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
• In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

• Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
• Select Key Database File from the main User Interface, select Open.
• In the Open dialog box, select your key database name. Click OK.
• In the Password Prompt dialog box, enter your password, click OK.
• Select Personal Certificates in the Key Database content frame and then click the Receive button.
• In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."