220.127.116.11 Creating an SSL certificate on Edge Components Caching Proxy serverAdded by Enio Rubens Basso on March 21, 2013 | Version 1 (Original)
To enable SSL on the IBM Edge Components, you must use the key management utility, iKeyman
, to create a key for securing your network communications.
This key is defined in the IBM Edge Components configuration file.
For more information about enabling SSL on the IBM Edge Components, see WebSphere Application Server Information Center
The following are the steps to create an SSL key:
- On the IBM Edge Components installation directory, run ikeyman to open the key management utility:
From the menu bar, select Key Database File -> New and complete these fields:
- AIX/Linux: # ./ikeyman
- Microsoft Windows: > ikeyman
On the password prompt, complete the values:
- Key database type: Select CMS
- File Name: ProxyKeyConnections.kdb
- Location: The file location, for example, /opt/ibm/keyfile
From menu bar, select Create -> New -> Self-Sign Certificate and fill the following options:
- Define and confirm a password.
- Check Stash password to a file
You have finished of creating SSL certificate, see result:
- Key Label: Define a label to identify your certificate on the key file, for example, connections.itso.ibm.com
- Version: Define the SSL version to X509 V3
- Key Size: Set the size to 2048
- Signature Algorithm: Define the signature to SHA1WithRSA
- Common Name: Define the full qualified domain name (FQDN) that you choose to access your IBM Connections, for example, connections.itso.ibm.com
- Organization Name: Define the organization name, for example, IBM
- Organization: Define your unit, for example, ITSO
- Country or region: Select your country, for example, US
- Validity period: Set the days that the certificate is valid, for example, 3650 days
Next step is to extract the an SSL certificate from IBM HTTP server to import into the IBM Edge Components Cache Proxy server.