I-Planet Web Server 6.x

Important Note:

Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more >


1. Restart the administration server by typing the following commands:

    # /usr/iplanet/servers/https-admserv/stop
    # /usr/iplanet/servers/https-admserv/start

2. To request the server certificate, click the Security tab near the top of this page.

    The Create Trust Database window is displayed.

3. Select the Request a Certificate link on the left frame.


The screenshot depicts the following options:

    New certificate or Certificate renewal; View a list of available certificate authorities; Submit to Certificate Authority (CA) via CA Email Address or CA URL; a drop-down menu to select the Cryptographic Module to use with this certificate ("nobody@engineering" is displayed as the default); a field for the Key Pair File Password; a link to an overview of the certificate process; fields for Requestor name, Telephone number, Common name, and Email address.

4. Fill out the form to generate a certificate request, using the following information:

    a. Select a New Certificate.

    If you can directly post your certificate request to a web-capable certificate authority or registration authority, select the CA URL link. Otherwise, choose CA Email Address and enter an email address where you would like the certificate request to be emailed to.

    b. Select the Cryptographic Module you want to use.

    Each realm has its own entry in this pull-down menu. Be sure that you select the correct realm. To use the Sun Crypto Accelerator 1000, you must select a module in the form of user@realm-name.

    c. In the Key Pair File Password dialog box, provide the password for the user@realm-name that will own the key.

    d. Provide the appropriate information for the following fields:

    e. Click the OK button to submit the information.

5. Send the CSR to Digi-Sign.

6. Once the certificate is generated, copy it, along with the headers, to the clipboard.

NOTE that the certificate is different from the certificate request and is usually presented to you in text form.