Making server certificates available to clients

The following is a summary of the steps required to make a certificate available to download clients that connect securely to the Redirector or any other telnet server.

  1. If the clients connect to a server, obtain a copy of the server's certificate. The Redirector's certificate can be extracted directly when created or received in Certificate Management.
  2. Add the certificate to the certificate container, CustomizedCAs.p12 (if it exists) and CustomizedCAs.class.
  3. Make CustomizedCAs.p12 or CustomizedCAs.class available to clients.

Take the following steps to do this using the Certificate Management utility:

  1. On a Windows server, click Start > Programs > IBM WebSphere Host On-Demand > Administration > Certificate Management.
  2. Open the CustomizedCAs.p12 file using the password hod.
    Starting with Host On-Demand Version 8, you can no longer create or update CustomizedCAs.class using the Certificate Management utility (IKEYMAN) on Windows and AIX platforms. The utility only allows you to create or update a newer version of this file called CustomizedCAs.p12. In order to update CustomizedCAs.class, you must run a reverse-migration tool. For more information, refer to Migrating from CustomizedCAs.class to CustomizedCAs.p12.
  3. Select Signers from the drop-down list and click the Add button.
  4. Enter the location of the file where the server certificate has been extracted.
  5. Enter a label for the certificate and click OK.
  6. Make sure that the certificate label is visible in the list of signers.
  7. On an AIX server, enter CertificateManagement from a command prompt. The default location of the AIX script is /usr/opt/hostondemand/bin. Please refer to Running Certificate Management on AIX.
  8. Follow the instructions in the Help for making certificates available to clients.
  9. Exit Certificate Management.

When you have finished working with certificates, you must configure the Host On-Demand clients to use SSL.

Related topics