Use this page to manage personal certificates.

To view this administrative console page, click Security > SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related items, click Key stores and certificates > key store. Under Additional Properties, click Personal certificates.

The Personal certificates page lists all personal certificates
in the selected key store. You can do most certificate management
operations in this panel, including creating a new self-signed certificate,
deleting a certificate, receiving one generated from a CA, replacing
a certificate (simultaneous delete and create, replacing references
across all key stores), extracting the signer, and importing or exporting
a personal certificate.

Personal certificate requests are temporary placeholders for certificates that will be signed by a certificate authority (CA).

The Key store collection must contain at least two key store files. You must select one file in order to replace, extract, or export a key store,

Table 1. Personal certificates buttons. This table lists the personal certificates buttons.

Button | Resulting action |
Create (drop-down list) | Enables the application server to create the following certificates:
- Self-signed Certificate: The create a self-signed certificate function is not available using the administrative console for certificates that are stored in Resource Access Control Facility (RACF®), unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces.
- CA-signed Certificate: The create CA-signed certificate function is not available using the administrative console for certificates that are stored in RACF, unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces.
- Chained Certificate: The create a chained certificate function is not available using the administrative console for certificates that are stored in RACF, unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces.
|
Delete | [AIX Solaris HP-UX Linux Windows] Specifies to delete a certificate from the key store. Be careful that the certificate alias is not referenced elsewhere in the Secure Sockets Layer configuration. The delete function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Receive a certificate from a certificate authority | Enables the application server to receive a certificate authority (CA)-generated certificate from a file to complete a certificate request. The receive a certificate from a certificate authority function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Replace | [AIX Solaris HP-UX Linux Windows] [IBM i] Replaces a personal certificate with another personal certificate. All key stores in the configuration are searched for the signer certificate from the original personal certificate, and each occurrence is replaced with the new personal certificate's signer. Any place in the security configuration where the certificate alias is referenced will be replaced with the new certificate alias. The replace function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Extract | Extracts the signer part of a personal certificate from the key store and stores it to a file. The file can then be used to add the signer to another key store. |
Import | Imports a certificate, including the private key, from a key store file or managed key store. The import function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Export | Exports a certificate, including the private key, to a specified key store file or managed key store. The export function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Revoke | Revokes a CA-signed certificate. |
Renew | Renews a self-signed or chained certificate. |
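
The Delete caution in the table (confirm that the certificate alias is not referenced elsewhere in the Secure Sockets Layer configuration) can be checked with a script before a certificate is removed. The following is an added example, not IBM code: it scans a configuration document for every attribute whose value equals the alias. The XML layout, element and attribute names, and aliases in the sample are constructed for illustration and are not the product's schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample document. Element names, attribute names and aliases are
# illustrative assumptions, not the product's configuration schema.
SAMPLE_CONFIG = """\
<security>
  <sslConfig name="NodeDefaultSSLSettings" keyStore="NodeDefaultKeyStore"
             serverKeyAlias="default" clientKeyAlias="default"/>
  <sslConfig name="PartnerOutbound" keyStore="NodeDefaultKeyStore"
             clientKeyAlias="partner-client"/>
  <endpointSelection name="PartnerEndpoint" sslConfig="PartnerOutbound"
                     certificateAlias="partner-client"/>
  <keyStore name="NodeDefaultKeyStore" location="/constructed/path/key.p12"/>
</security>
"""


def _local(name):
    """Strip an XML namespace prefix such as '{uri}tag' down to 'tag'."""
    return name.rsplit("}", 1)[-1]


def find_alias_references(xml_text, alias):
    """Return (element path, attribute name) for each attribute equal to alias.

    Matching is by value on every attribute, so the check does not depend on
    knowing which attribute names hold certificate aliases. That can produce
    false positives, which is the safe direction for a pre-delete check.
    """
    hits = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{_local(elem.tag)}"
        if elem.get("name"):
            path += f"[{elem.get('name')}]"
        for attr, value in elem.attrib.items():
            if value == alias:
                hits.append((path, _local(attr)))
        for child in elem:
            walk(child, path)

    walk(ET.fromstring(xml_text), "")
    return hits


def safe_to_delete(xml_text, alias):
    """True only when nothing in the configuration still refers to alias."""
    return not find_alias_references(xml_text, alias)
```

Run the check against a copy of the configuration and review every hit before deleting; a hit on an unrelated attribute that happens to share the alias value is expected and should be dismissed by inspection.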