000026033 - How to create a Keon Certificate Authority SSL server certificate for IBM WebSphere 5.3

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026033
Applies ToKeon Certificate Authority 6.5.1
Microsoft Windows 2000 Server SP3
IBM WebSphere 5.3
Original Certificate Signing Request (CSR) was created using IBM keytools
IssueHow to create a Keon Certificate Authority SSL server certificate for IBM WebSphere 5.3
A valid SSL server certificate should look similar to the following:

TOBESIGNED: 
  VERSION:  3
  SERIAL:  0x175d3916 77493bfa b92d24ff ce5924d6
  INNER SIGNATURE: 
    ALG. ID:     id-sha1-with-rsa-encryption
    PARAMETER:   0
  ISSUER: 
    Organization Name:          ACME Trust Network
    Organizational Unit Name:   ACME
  VALIDITY: 
    Not Before:  Dec 30, 03 00:00:00 GMT
    Not After:   Dec 29, 04 23:59:59 GMT
  SUBJECT: 
    Country Name:               US
    State Or Province:          California
    Locality Name:              Some Valley
    Organization Name:          Joe's Garage
    Organizational Unit Name:   Repair
     Common Name:                ibmwebsphere
  PUBLIC KEY:  (key size is 1024 bits)
  ALGORITHM: 
    ALG. ID:    id-rsa-encryption
    PARAMETER:  0
  MODULUS:   0x00bd46b0 d5ae1dbf 5df81756 2a1b732a
               a5416e0f 0e5122c7 b174b850 18ea2906
               552bf19c 62021314 4e734521 02ebb934
               1b5bf658 01969f9e 32f70638 8f2ef078
               e2514c7a ee66daf8 48e42eed 25303d09
               fc762c88 5d6743d7 e8ff0a09 b32aff9f
               628083c6 a0a347cb 6f89895a 4e4a5c5e
               81b66f65 f5bfe27e d43bf189 2b34830f
               8b
  EXPONENT:  0x010001
  EXTENSIONS: 
    Basic Constraints:            Defaulted to EE
    Key Usage:                    Digital Signature, Key Encipherment
    CRL Distribution Points:     
    Distribution Point 1:        
      Uniform Resource ID:        http://crl.acme.com/Server.crl
    Certificate Policies:        
      Policy 1:                    
      ID:                         2.16.840.1.113733.1.7.23.3
      Qualifier 1:                cps (id-qt-cps)
      CPS uri:                    https://www.acme.com/rpa
    Extended Key Usage:           Netscape Step-up, Server Authorization, Client
                                  Authorization
    Authority Information Access:
      Method:                     id-ad-ocsp
      Location:                  
        Uniform Resource ID:      http://ocsp.acme.com
    1 3 6 1 5 5 7 1 12:           NOT parsed.
SIGNATURE: 
  ALG. ID:    id-sha1-with-rsa-encryption
  PARAMETER:  0
  VALUE: 0xc319eb0c ba67b5bf 006ef6d3 3a523535
           81e2d87e aeaf1d62 5ba4e8ca bc938cca
           9e5048f2 81eb05e8 6f940291 ca02e1e8
           6c2e7a34 595d7605 ec396d8a adebcae3
           715e7615 8cc414cc 7af333e2 fa44e23f
           97ad46b4 f197564f 0ccb18b8 c23b02da
           e725b882 662bd77f 7973ed0c 087043da
           4a923d42 1160bec0 d9aa9290 3e265786
Ancillary Data: 
PUBKEY HASH:  0x13c65cb1 28e26cdb e5831258 545511eb c120cda9
WALLET HASH:  0x26f94f73 97be7a75 25119a37 5d6268a4 dc597713
ResolutionIBM WebSphere uses a P12 file to install the SSL Server certificate. Using IBM key tool with KCA and the following articles from the IBM support web site explains the process:

http://www-1.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&q1=ssl&q2=windows&uid=swg21167750&loc=en_US&cs=utf-8&lang=en

http://www-1.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&q1=ssl&q2=windows&uid=swg21109645&loc=en_US&cs=utf-8&lang=en
Legacy Article IDa22674

Attachments

    Outcomes