How to install a SSL Certificate for IBM HTTP


Step 1: Obtain Intermediate CA Certificate

  • Copy the Intermediate CA certificate from your Secure128 portal under “Order Details”.
  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.

Step 2: Install Symantec Intermediate CA Certificate

  • Start the key management utility (iKeyman):
    • On Windows: Go to the start UI and select Start Key Management Utility
    • On AIX, Linux or Solaris: Type ikeyman on the command line
  • Open the key database file that was used to create the certificate request.
  • Enter the password, then click OK.
  • Click on the "down arrow" to the right, to display a list of three choices.
  • Select Signer Certificates, then click Add.
  • Click Data Type and select a data type, such as Base64-encoded ASCII data.

NOTE: This data type must match the data type of the importing certificate.

  • Enter a file name and location for intermediate.cer digital certificate or click Browse to select a file name and location.
  • Click OK.
  • Enter a label for importing certificate, for example: Intermediate CA
  • Click OK.
  • The Signer Certificates field displays the label of the signer certificate you added.

Step 3: Obtain and Install your SSL Certificate

  • The SSL certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email. Copy the certificate.
  • The text file should look like this:

-----BEGIN CERTIFICATE----- [encoded data] -----END CERTIFICATE-----

  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
  • Open the .kdb file using the iKeyman utility:
    • On Windows: Go to the start UI and select Start Key Management Utility
    • On AIX, Linux or Solaris: Type ikeyman on the command line
  • In the middle of the iKeyman GUI you will see a section called Key database content
  • Click on the "down arrow" to the right, to display a list of three choices
  • Select Personal Certificates
  • From the Personal Certificates section, click Receive
  • Data Type - leave the default of "Base64-encoded ASCII data"
  • Browse to the directory that contains the .cert or .arm file
  • Highlight the file and click Open.
  • Now click OK on this dialog box

Step 5. Transfer Certificate

  • To extract an SSL certificate from a key database file and store it in a CA key ring file, start the iKeyman graphical user interface
  • Run following command:
    • On Windows: strmqikm
    • On UNIX: gsk7ikm
  • Choose Open from the Key Database File menu. Click Key database type, and select CMS.
  • Click Browse to navigate to the directory containing the key database files
  • Select the key database file to which you want to add the certificate. For example, key.kdb.
  • Click Open
  • In the Password Prompt window, type the password you set when you created the key database and then click OK.
  • Select Signer Certificates in the Key database content field, and then select the certificate you want to extract.
  • Click Extract
  • Select the Data type of the certificate. For example, Base64-encoded ASCII
  • Click Browse to select the name and location of the certificate file name
  • Click OK; The certificate is written to the file you specified

Verify your Certificate is installed correctly

BACK