Note: The following instructions are for IBM IHS 7.0x. You can use them for older versions of Websphere as well as for IHS but there are some small interface differences.

The first step is to create a keystore, a file that contains the certificates and private key. You will create the keystore with IBM’s Key Management Utility, which comes installed with IHS Server:

1. Start the Key Management Utility (iKeyman).
Go to IBM IHS server bin directory and run ikeyman. In our case it is /app/IBM/HTTPServer/bin

cd /app/IBM/HTTPServer/bin

2. In the IBM Key Management Utility, click on Key Database File and then New.

3. Choose Key database type and select CMS. Give the keystore a name such as key.kdb.

4. Click the Browse button. Go to /app/IBM/HTTPServer/certificates or to a different location where you want to store your keystore file.

5. Click OK.

6. After saving the key database file to the location specified, you are prompted to enter a password. This is the password that will be used to open the key database file in iKeyman in the future.

7. Make sure check box Stash the password to a file is enabled. this saves the encrypted password file as a .sth file in the same directory as the key database file. Now click OK

Your Key Database file is Ready.

8. Click Create then New Certificate Request to bring up the Create New Key and Certificate Request dialog.

9. Type a Key Label, Common Name, Organization, Locality, State, and select a Country. Select 2048 for Key Size. For common name enter the fully qualified domain name for the site you are securing (e.g. If you are generating a Websphere CSR for a Wildcard SSL Certificate make sure your common name starts with an asterisk (e.g. *

8. Browse for a location and enter a name for the file such as certreq.arm and click OK.

9. You can now open that file in a text editor and send it to Certificate Authority to order your SSL certificate.

Make sure to remember where your kdb file is as it will be required later when installing your SSL certificate in IBM IHS / Websphere.

How to generate a CSR for IBM IHS Server
Tagged on:                                                     

Leave a Reply

Your email address will not be published. Required fields are marked *