WoSign,making the internet more secure and trusted!
home>Support>CSR Generation Instruction - IBM HTTP Server

CSR Generation Instruction - IBM HTTP Server

An Important Note Before You Start

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To generate the key and CSR for IBM HTTP server through IKEYMAN

please follow the instructions below:

Firstly a Key Database File(.kdb) using IKEYMAN needs to be generated. Please follow these steps :

1. Open the IKEYMAN Utility (From Windows NT click Start -> Programs -> IBM HTTP Server -> Start Key Management Utility

2. From the Menu Bar select "Key Database File"

3. Click on NEW

4. File Name= (The name you want to give the new Key Database file you are creating)

5. Location= (the location on the harddrive you wish to store the .kdb file)

Note: On NT this is usually the /IBM Http Server/ssl directory

6. After Saving the file to the location specified you will be prompted to enter a password

Note: This is the password that will be used to open the .kdb file in IKEYMAN in the future

7. Make sure to click the box that states "stash the password to a file?"

Note: This will encrypt the password and save the file as a .sth file in the same directory

as the .kdb file.

8. Once you click OK, you are done.

Generating the CSR

1. Open the Key Database File(.kdb) using the IKEYMAN utility

2. In the middle of the IKEYMAN GUI you will see a section called "Key database content"

3. Click on the "down arrow" to the right, to display a list of three choices

4. Select "Personal Certificate Requests"

5. Key Label= (The name you want to give the certificate to identify it in IKEYMAN)

Note: Using the SiteName (ex. www.domain.com ) as the label is a good practice

6. Key Size= (1024 for 128bit, 512 for 56bit)

7. Common Name= (SiteName, ex. www.domain.com )

Note: This is the name that the Thawte will register, so it is important it matches the actual SiteName

8. Organization= (Company Name)

9. "Enter the name of a file in which to store the certificate request"

Note: This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what Thawte needs you to provide us.

*Saving this file(.arm) in the same directory as the (.kdb) file is recommended.

10. Once you save the file (.arm) you are done with creating the request

For more information please refer to this IBM technical support link:


For more information on using the Ikeyman please referr to this: http://www-306.ibm.com/software/webservers/httpservers/doc/v1312/ibm/9atikeyu.htm#Header_9

Start the certificate request process

To submit the CSR to WoSign for processing you should start the certificate enrollment process.