Knowledge Base

PositiveSSL Certificate Installation: IBM HTTPServer

May 25, 2018 in WebServer

Installing your Certificate on an IBM HTTP Server using IKEYMAN for Certificate Installation

For Positive SSL certificate, You will be receiving the following files:

  • Root AddTrustExternalCARoot.crt
  • Intermediate CA UTNAddTrustServerCA.crt
  • Intermediate CA PositiveSSLCA.crt
  • domain/site certificate yourdomainname.crt

Or click to download the PositiveSSL CA files

Before installing the server certificate, install all of these certificates. Follow the instructions in 'Storing a CA certificate'(below). .

Note: If the authority who issues the certificate is not a trusted CA in the key database

  • You must first store the CA certificate and designate the CA as a trusted CA.
  • Then you can receive your CA-signed certificate into the database.
  • You cannot receive a CA-signed certificate from a CA who is not a trusted CA.

For instructions see 'Storing a CA certificate'.

Storing a CA Certificate:

  • You will need to repeat this process for the AddTrustExternalCARoot.crt , UTNAddTrustServerCA.crt and PositiveSSLCA.crt (in this order)
  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
  • Select Key Database File from the main User Interface, select Open.
  • In the Open dialog box, select your key database name. Click OK.
  • In the Password Prompt dialog box, enter your password and click OK.
  • Select Signer Certificates in the Key Database content frame, click the Add button.
  • In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
  • In the Label dialog box, enter a label name and click OK.


To receive the CA-signed certificate into a key database:

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
  • Select Key Database File from the main User Interface, select Open.
  • In the Open dialog box, select your key database name. Click OK.
  • In the Password Prompt dialog box, enter your password, click OK.
  • Select Personal Certificates in the Key Database content frame and then click the Receive button.
  • In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."

Related articles