SSL证书请求文件(CSR)生成指南 - IBM HTTP Server
重要注意事项 An Important Note Before You Start
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
To generate the key and CSR for IBM HTTP server through IKEYMAN
please follow the instructions below:
Firstly a Key Database File(.kdb) using IKEYMAN needs to be generated. Please follow these steps :
1. Open the IKEYMAN Utility (From Windows NT click Start -> Programs -> IBM HTTP Server -> Start Key Management Utility
2. From the Menu Bar select "Key Database File"
3. Click on NEW
4. File Name= (The name you want to give the new Key Database file you are creating)
5. Location= (the location on the harddrive you wish to store the .kdb file)
Note: On NT this is usually the /IBM Http Server/ssl directory
6. After Saving the file to the location specified you will be prompted to enter a password
Note: This is the password that will be used to open the .kdb file in IKEYMAN in the future
7. Make sure to click the box that states "stash the password to a file?"
Note: This will encrypt the password and save the file as a .sth file in the same directory
as the .kdb file.
8. Once you click OK, you are done.
Generating the CSR
1. Open the Key Database File(.kdb) using the IKEYMAN utility
2. In the middle of the IKEYMAN GUI you will see a section called "Key database content"
3. Click on the "down arrow" to the right, to display a list of three choices
4. Select "Personal Certificate Requests"
5. Key Label= (The name you want to give the certificate to identify it in IKEYMAN)
Note: Using the SiteName (ex. www.domain.com ) as the label is a good practice
6. Key Size= (1024 for 128bit, 512 for 56bit)
7. Common Name= (SiteName, ex. www.domain.com )
Note: This is the name that the Thawte will register, so it is important it matches the actual SiteName
8. Organization= (Company Name)
9. "Enter the name of a file in which to store the certificate request"
Note: This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what Thawte needs you to provide us.
*Saving this file(.arm) in the same directory as the (.kdb) file is recommended.
10. Once you save the file (.arm) you are done with creating the request
For more information please refer to this IBM technical support link:
For more information on using the Ikeyman please referr to this: http://www-306.ibm.com/software/webservers/httpservers/doc/v1312/ibm/9atikeyu.htm#Header_9
测试CSR和把CSR发给WoSign, Start the certificate request process
生成CSR后，建议您自己测试一下生成的CSR文件是否正确，请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器，等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.