Note: The following instructions are for IBM IHS 7.0x. You can use them for older versions of Websphere as well as for IHS but there are some small interface differences.
The first step is to create a keystore, a file that contains the certificates and private key. You will create the keystore with IBM’s Key Management Utility, which comes installed with IHS Server:
1. Start the Key Management Utility (iKeyman).
Go to IBM IHS server bin directory and run ikeyman. In our case it is /app/IBM/HTTPServer/bin
cd /app/IBM/HTTPServer/bin ./ikeyman
3. Choose Key database type and select CMS. Give the keystore a name such as key.kdb.
5. Click OK.
6. After saving the key database file to the location specified, you are prompted to enter a password. This is the password that will be used to open the key database file in iKeyman in the future.
Your Key Database file is Ready.
9. Type a Key Label, Common Name, Organization, Locality, State, and select a Country. Select 2048 for Key Size. For common name enter the fully qualified domain name for the site you are securing (e.g. www.yourdomain.com). If you are generating a Websphere CSR for a Wildcard SSL Certificate make sure your common name starts with an asterisk (e.g. *.example.com).
9. You can now open that file in a text editor and send it to Certificate Authority to order your SSL certificate.
Make sure to remember where your kdb file is as it will be required later when installing your SSL certificate in IBM IHS / Websphere.