Personal certificates collection
Use this page to manage personal certificates.
To view this administrative console page, click Security > SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related items, click Key stores and certificates > key store . Under Additional Properties, click Personal certificates.
The Personal certificates page lists all personal certificates in the selected key store. You can do most certificate management operations in this panel, including creating a new self-signed certificate, deleting a certificate, receiving one generated from a CA, replacing a certificate (simultaneous delete and create, replacing references across all key stores), extracting the signer, and importing or exporting a personal certificate.
Personal certificate requests are temporary place holders for certificates that will be signed by a certificate authority (CA).
The Key store collection must contain at least two key store files. You must select one file in order to replace, extract, or export a key store,
Button | Resulting action |
---|---|
Create (drop-down list) | Enables the application server to create the
following certificates:
|
Delete | Specifies to delete a certificate from the key store. Be careful that the certificate alias is not referenced elsewhere in the Secure Sockets Layer configuration. The delete function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Receive a certificate from a certificate authority | Enables the application
server to receive a
certificate authority (CA)-generated certificate from a file to complete
a certificate request. The receive a certificate from a certificate authority function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Replace |
Replaces
a personal certificate with another personal certificate. All key
stores in the configuration looking for signer certificate form the
original personal certificate and replaces them with the new personal
certificates signer. Any place in the security configuration where
the certificate alias is referenced will be replaced with the new
certificate alias. The replace function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Extract | Extracts the signer part of personal certificate from the key store and stores it to a file. The file can then be used to add the signer to another key store. |
Import | Imports
a certificate, including the private
key, from a key store file or managed key store. The import function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Export | Exports a certificate, including the private
key, to a specified key store file or manage key store. The export function is not available using the administrative console for certificates that are stored in RACF unless the server is configured for writable keyring support. See Creating writable SAF keyrings and Using writable SAF keyrings for more information on using writable keyring support. Optionally, this function is supported using the RACF administration interfaces. |
Revoke | Revokes a CA-signed certificate. |
Renew | Renews a self signed or chained certificate. |
Alias
Specifies the alias by which the personal certificate is referenced in the key store.
When you select an alias, the View Certificate panel opens.
Issued by
Specifies the distinguished name of the entity by which the certificate was issued. This name is the same as the issued-to distinguished name when the personal certificate is self-signed.
Issued to
Specifies the distinguished name of the entity to which the certificate was issued.
Serial number
Specifies the certificate serial number that is generated by the issuer of the certificate.
Expiration
Specifies the expiration date of the signer certificate for validation purposes.