Installation Instructions for IBM HTTP Server running IKEYMAN GUI

Solution ID:    SO19092    Updated:    09/15/2015

Solution


This document provides instructions for installing SSL Certificates for IBM HTTP Server using the IKEYMAN GUI. If you are unable to use these instructions for your server, Symantec recommends that you contact IBM.

NOTE: Keep in mind that to successfully use the certificate sent by Symantec, the Intermediate CA certificates and your SSL certificate must be imported into same key file from which the certificate request was generated. Ikeyman gives errors when you try to import the Symantec certificate into a key file that does not contain the certificate request.
 

Step 1: Download the Symantec Intermediate CA Certificate

  1. Download the Intermediate CA certificate from this link: INFO657
  2. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: To check which certificate type you have purchased, follow the steps from this link: SO13499
  3. Copy the Intermediate CA certificate and paste it on a Notepad.
  4. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  5. Save the file as intermediate.cer


Step 2: Install Symantec Intermediate CA Certificate

  1. Start the key management utility (iKeyman):

    On Windows: Go to the start UI and select Start Key Management Utility

    On AIX, Linux or Solaris: Type ikeyman on the command line
     
  2. Open the key database file that was used to create the certificate request.
  3. Enter the password, then click OK.
  4. Click on the "down arrow" to the right, to display a list of three choices.
  5. Select Signer Certificates, then click Add.
  6. Click Data Type and select a data type, such as Base64-encoded ASCII data.
    NOTE: This data type must match the data type of the importing certificate.
  7. Enter a file name and location for intermediate.cer digital certificate or click Browse to select a file name and location.
  8. Click OK.
  9. Enter a label for importing certificate, for example: Intermediate CA
  10. Click OK.
  11. The Signer Certificates field displays the label of the signer certificate you added.


Step 3: Obtain the SSL Certificate 

  1. The Symantec certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email.
  2. Copy and paste the certificate into a text file using Vi or Notepad
    The text file should look like:
    -----BEGIN CERTIFICATE-----
        
            [encoded data]

    -----END CERTIFICATE-----
     
  3. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.

    NOTE: You can also download the certificate from your Symantec Trust Center account by following the steps from this link: SO8061
    When downloading the certificate, please select X.509 as a certificate format and copy only the End Entity Certificate
     
  4. Save the file with extension .cer


Step 4: Install the SSL Certificate

  1. Open the .kdb file using the iKeyman utility: 

    On Windows: Go to the start UI and select Start Key Management Utility

    On AIX, Linux or Solaris: Type ikeyman on the command line
     
  2. In the middle of the iKeyman GUI you will see a section called Key database content
  3. Click on the "down arrow" to the right, to display a list of three choices
  4. Select Personal Certificates

  5. From the Personal Certificates section, click Receive


     
  6. Data Type - leave the default of "Base64-encoded ASCII data"


     
  7. Browse to the directory that contains the .cert or .arm file
  8. Highlight the file and click Open.
  9. Now click OK on this dialog box


     


Step 5. Transfer Certificate

  1. To extract an SSL certificate from a key database file and store it in a CA key ring file, start the iKeyman graphical user interface
  2. Run following command:

    On Windows: strmqikm

    On UNIX: gsk7ikm
     
  3. Choose Open from the Key Database File menu. Click Key database type, and select CMS.
  4. Click Browse to navigate to the directory containing the key database files
  5. Select the key database file to which you want to add the certificate. For example, key.kdb.
  6. Click Open
  7. In the Password Prompt window, type the password you set when you created the key database and then click OK.
  8. Select Signer Certificates in the Key database content field, and then select the certificate you want to extract.
  9. Click Extract.
  10. Select the Data type of the certificate. For example, Base64-encoded ASCII
  11. Click Browse to select the name and location of the certificate file name.
  12. Click OK. The certificate is written to the file you specified.
  13. Verify your installation with the Symantec Installation Checker

 

IBM Support

 

         For more information, refer to IBM documentation
 

 

Legacy ID

vs40616

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers