Contact
How do I install Secure Site EV SSL certificate on an IBM Websphere 5.1 server?
Posted by Gareth S on 23 November 2012 01:33 PM

To install Secure Site EV SSL certificate on an IBM Websphere 5.1 server, follow these steps:

IMPORTANT:

In order for your EV SSL Certificate to function properly, you must install two (2) VeriSign EV Intermediate CA Certificates on your Web server. The Primary EV Intermediate CA Certificate and a Secondary EV Intermediate CA Certificate. To avoid any issue with installation, please ensure that you complete Step 1: Install Intermediate CA Certificates.

Step 1: Install the Extended Validation Intermediate CA Certificates

1. Download the Primary and Secondary EV Intermediate CA certificates

 

  • From the Approval email as a cert.cer attachment. If the attachment has been stripped from the email, retrieve the certificate from the body of the Approval email. For instructions on retrieving the certificate from the body of the email see solution SO2132


If Using the iKeyman graphical user interface (GUI) follow these steps:

2. Start the iKeyman GUI using either the gsk7ikm command (UNIX) or the strmqikm command (Windows)
 
NOTE: To use the iKeyman GUI, be sure that your machine can run the X Windows system
 
3. Choose Open from the Key Database File menu
 
4. Click Key database type, and select CMS
 
5. Click Browse to navigate to the directory containing the key database files
 
6. Select the key database file to which you want to add the certificate. For example, key.kdb
 
7. Click Open
 
8. In the Password Prompt window, type the password you set when you created the key database and then click OK
 
9. Select the Personal Certificates view
 
10. Click Receive
 
11. In the Receive certificate from a file window, select the data type of the new SSL certificate. For example, Base64-encoded ASCII for a file with the .arm extension  
 
12. Click Browse to select the name and location of the certificate file name
 
13. Click OK

If Using the iKeycmd (command line interface) follow these steps:

To install a certificate in iKeycmd (using UNIX command line), use these commands:

  • gsk7cmd -cert -receive -file filename -db filename -pw password -format ascii
     

To install a certificate in iKeycmd (using Windows command line), use these commands:

  • runmqckm -cert -receive -file filename -db filename -pw password -format ascii

where:
 
- file filename is the fully qualified file name of the file containing the personal certificate.
- db filename is the fully qualified file name of a CMS key database.
- pw password is the password for the CMS key database.
- format ascii is the format of the certificate.
  The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii.

Step 3: Transferring Certificates

You can extract an SSL certificate from a key database file and store it in a CA key ring file by performing the following steps:

If Using the iKeyman graphical user interface (GUI) follow these steps:

1. Start the iKeyman graphical user interface (GUI) using either the gsk7ikm command (UNIX) or the strmqikm command (Windows)

2. Choose Open from the Key Database File menu. Click Key database type, and select CMS

3. Click Browse to navigate to the directory containing the key database files

4. Select the key database file to which you want to add the certificate. For example, key.kdb

5. Click Open

6. In the Password Prompt window, type the password you set when you created the key database and then click OK

7. Select Signer Certificates in the Key database content field, and then select the certificate you want to extract

8. Click Extract

9. Select the Data type of the certificate. For example, Base64-encoded ASCII data for a file with the .arm extension

10. Click Browse to select the name and location of the certificate file name

11. Click OK. The certificate is written to the file you specified

If Using the iKeycmd (command line interface) follow these steps:

 To extract a certificate in iKeycmd (using UNIX command line), use these commands:

  • gsk7cmd -cert -extract -db filename -pw password -label label -target filename -format ascii 

 To extract a certificate in iKeycmd (using Windows command line), use these commands: 

  • runmqckm -cert -extract -db filename -pw i -label label -target filename -format ascii

  where:
 
 - db filename is the fully qualified pathname of a CMS key database. 
 - pw password is the password for the CMS key database.
 - label is the label attached to the certificate.
 - target filename is the name of the destination file.
 
- format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii
 
To verify if your certificate is installed correctly, use the Symantec Installation Checker
 
IBM Support
 
For more information, please contact IBM

From the list below, select the appropriate Intermediate CA based on your SSL certificate product:
 

Disclaimer:

Symantec Corporation has made efforts to ensure the accuracy and completeness of the information in this document. However, Symantec Corporation makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Symantec Corporation assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, Symantec Corporation assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Symantec Corporation reserves the right to make changes to any information herein without further notice.

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Leave Your Feedback:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

© 2012 SSLHelpdesk.com All rights reserved • Privacy PolicyTerms of Service