How to install a SSL Certificate for IBM Websphere MQ using IKEYMAN GUI


Step 1: Obtain Intermediate CA Certificate

  • Copy the Intermediate CA certificate from your Secure128 portal under “Order Details”.
  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.

Install Intermediate CA Certificate

  • Start the key management utility (iKeyman):
    • On Windows: Go to the start UI and select Start Key Management Utility
    • On AIX, Linux or Solaris: Type ikeyman on the command line
  • Open the key database file that was used to create the certificate request
  • Enter the password, then click OK
  • Select Signer Certificates, then click Add
  • Click Files of Type and select All Files
  • Enter a file name and location for intermediate.cer digital certificate or click Browse to select a file name and location
  • Click OK
  • Enter a label for importing certificate, for example: Intermediate CA
  • Click OK
  • The Signer Certificates field displays the label of the signer certificate you added

Step 3: Obtain and Install your SSL Certificate

  • The SSL certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email. Copy the certificate.
  • The text file should look like this:

-----BEGIN CERTIFICATE----- [encoded data] -----END CERTIFICATE-----

  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
  • Start the key management utility (iKeyman):
    • On Windows: Go to the start UI and select Start Key Management Utility
    • On AIX, Linux or Solaris: Type ikeyman on the command line
  • Choose Open from the Key Database File menu. Click Key database type, and select CMS
  • Click Browse to navigate to the directory containing the key database files
  • Select the key database file to which you want to add the certificate. For example, key.kdb
  • Click Open
  • In the Password Prompt window, type the password you set when you created the key database and then click OK
  • Select the Personal Certificates view
  • Click Receive
  • Click Browse to select the name and location of the certificate file name.
  • Click OK

Verify your Certificate is installed correctly

BACK