EnterpriseSSL Certificate Installation: IBM HTTPServer

May 25, 2018 in WebServer and SHA 1

Installing your Certificate on a IBM HTTP Server, using IKEYMAN for Certificate Installation

For Enterprise SSL certificate, You will be receiving the following three files from Sectigo:

  • Root AddTrustExternalCARoot.crt
  • Intermediate CA UTNAddTrustServerCA.crt
  • domain/site certificate yourdomainname.crt

Or click to download the EnterpriseSSL CA files

Before installing the server certificate, install all of these certificates. Follow the instructions in 'Storing a CA certificate'(below). .

Note: If the authority who issues the certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted CA. For instructions see 'Storing a CA certificate'.

Storing a CA Certificate:

  • You will need to repeat this process for the AddTrustExternalCARoot.crt and UTNAddTrustServerCA.crt (in this order)

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.

  • Select Key Database File from the main User Interface, select Open.

  • In the Open dialog box, select your key database name. Click OK.

  • In the Password Prompt dialog box, enter your password and click OK.

  • Select Signer Certificates in the Key Database content frame, click the Add button.

  • In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.

  • In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.

  • Select Key Database File from the main User Interface, select Open.

  • In the Open dialog box, select your key database name. Click OK.

  • In the Password Prompt dialog box, enter your password, click OK.

  • Select Personal Certificates in the Key Database content frame and then click the Receive button.

  • In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."