Step 3. Create a public-private key pair and certificate request
Use the server's Key Management Utility (IKEYMAN)
to create a new public-private key pair and certificate request.
- Type ikeyman at the command line.
- Select Key Database File > Open.
- Type your key database name or click the default filename
key.kdb. Click OK.
- Type your password and select the checkbox to stash the password to a file. You will now see
DB-Type: CMS key database file.
- Select Create > New Certificate Request.
- Enter the following:
  - Key Label - www.companyA.com.
  - Keysize - 512.
  - Organization - Company A.
  - Organization Unit - Division 1.
  - Locality - Raleigh.
  - State/Province - NC.
  - Zipcode - 22903.
  - Country - US.
  - File name - certreq.arm
- Click OK. This message appears: A new certificate request has been successfully
created in the file keyfile_database_name
- Click OK. Now the label name should show up under the
Personal Certificate Requests heading.
- To exit IKEYMAN, select Key Database File > Exit.
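
Before certreq.arm goes to the CA, it is worth confirming the key size recorded in the request: the 512-bit Keysize in the example values above is far below the 2048-bit RSA minimum that publicly trusted CAs accept. The check below is an added example, not part of the original page or of IKEYMAN; it assumes the file is a base64-armored PKCS#10 request carrying an RSA key, and `MIN_RSA_BITS`, the function names and the constructed sample requests are illustrative.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy floor; set to what your CA requires

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def csr_rsa_bits(armored):
    """RSA modulus size, in bits, of a base64-armored PKCS#10 request."""
    lines = [l.strip() for l in armored.splitlines()]
    der = base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))
    request = read_tlv(der, 0)[1]                  # CertificationRequest
    info = children(children(request)[0][1])       # version, subject, SPKI, attributes
    spki = children(info[2][1])                    # AlgorithmIdentifier, BIT STRING
    rsa_key = read_tlv(spki[1][1][1:], 0)[1]       # skip the unused-bits octet
    return int.from_bytes(children(rsa_key)[0][1], "big").bit_length()

def key_size_ok(armored):
    """True when the request's RSA key meets MIN_RSA_BITS."""
    return csr_rsa_bits(armored) >= MIN_RSA_BITS

def tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed sample."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_request(bits):
    """Constructed stand-in for certreq.arm: dummy modulus, all-zero signature."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 = positive
    rsa = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0x30, alg + tlv(0x03, b"\x00" + rsa)) + tlv(0xA0, b""))
    der = tlv(0x30, info + alg + tlv(0x03, b"\x00" * (bits // 8 + 1)))
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN NEW CERTIFICATE REQUEST-----\n" + b64 + "-----END NEW CERTIFICATE REQUEST-----\n"

if __name__ == "__main__":
    for bits in (512, 2048):
        print(bits, "accept" if key_size_ok(sample_request(bits)) else "reject: key too small")
```

To check a real request, pass the text of certreq.arm to `key_size_ok`; the sample builder exists only so the example runs without a key database.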
Start a Web browser and enter the URL of the CA from
whom you want to obtain the certificate. To send your certificate request, follow the
instructions provided by the CA. In this example, the request is sent to
a CA that is already designated as a trusted root CA on the server.
Note: It usually takes two to three weeks to get a certificate from a
well-known trusted CA. While you are waiting for the CA to process your certificate
request, you can use IKEYMAN to create a self-signed
server certificate to enable SSL sessions between clients and the server.