Installing your Certificate on a IBM HTTP Server

Using IKEYMAN for Certificate Installation

For Essential SSL certificate, in additonal to your domain certificate you will be receiving 4 more files.These files must be imported in the following order:
Root AddTrustExternalCARoot.crt
Intermediate CA UTNAddTrustSGCCA.crt
Intermediate CA ComodoUTNSGCCA.crt
Intermediate CA EssentialSSLCA.crt

Or click to download the EssentialSSL CA files

Before installing the server certificate, install all of these certificates. Follow the instructions in 'Storing a CA certificate'(below). .

Note: If the authority who issues the certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted CA. For instructions see 'Storing a CA certificate'.

Storing a CA Certificate:

• You will need to repeat this process for the AddTrustExternalCARoot.crt , UTNAddTrustSGCCA.crt, ComodoUTNSGCCA.crt and EssentialSSLCA.crt (in this order)
• Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
• Select Key Database File from the main User Interface, select Open.
• In the Open dialog box, select your key database name. Click OK.
• In the Password Prompt dialog box, enter your password and click OK.
• Select Signer Certificates in the Key Database content frame, click the Add button.
• In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
• In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

• Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
• Select Key Database File from the main User Interface, select Open.
• In the Open dialog box, select your key database name. Click OK.
• In the Password Prompt dialog box, enter your password, click OK.
• Select Personal Certificates in the Key Database content frame and then click the Receive button.
• In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."