Using a self-signed
If you decide not to purchase a CA's certificate, you can create your own (self-signed) server
or client certificate. You can also use a self-signed certificate while you are waiting for a
certificate from a CA, which can take some time.
To create and use a self-signed certificate:
- On a Windows NT server, click Start > Programs > IBM Host On-Demand
> Administration > Certificate Management.
- On an AIX server, enter CertificateManagement from a command prompt. The default location
of the AIX script is /usr/opt/server_dir/bin. Refer to
Running Certificate Management on AIX for additional
- Follow the instructions in the Help to create the self-signed certificate.
- If this is a server certificate, store it in the HODServerKeyDb.kdb database and then
make it available to clients. If this is a client
certificate, store it in the HODClientKeyDb.kdb database, export it to a password-protected
PKCS12 file and then send the file and its password to the user. Make sure the file is secure
when sent to the user. If a non-secure protocol such as e-mail, http or ftp is used to send
the file over the Internet, the certificate's security can be compromised.
- Exit Certificate Management.