Configuring Certificate

  1. Generate a Certificate Request.
      On a iPlanet webserver:
    1. http://hostname:8888
    2. Security > Request a Certificate
    3. Check New Certificate
    4. Fill in the CA Email Address with you email.
    5. Select the internal (software) cryptographic module.
    6. Enter the Key Pair File Password.
    7. Fill in the Requestor name fied with your name.
    8. Fill in the Telephone number.
    9. Fill in the Common name field with the FQDN.
    10. Fill in the Email address field with that of sys admin.
    11. The Organization field be filled such as Sun Microsystem Inc.
    12. Fill in the Country field with two letter code.
    13. Leave all other fields blank.
    14. Double check the info, then click OK.
    15. Save the certificate on the resulting page.
  2. Submit your Certificate Request.
    1. Connect to the appropriate Registration Authority.
    2. SSL Server Enrollment
    3. Cut and paste the certificate request generated in the previous step into the PKCS #10 Request box.
    4. Fill in info with sys admin.
    5. Provide server owner's name in the Additional Comments.
    6. Submit.
    7. Make note of request ID.
  3. Wait for your certificate.
    1. It usually takes 5 business days.
  4. Pick up your certificate and install into your server.
    1. Security > Install Certificate
    2. This Sever, Message text
    3. Cut and paste the new certificate under Message text
    4. OK
    5. Click Add Server Certificate
    6. You willnow see Success and a Warming dialog.
    7. Click OK to both and shutdown and restart the server.
  5. Import the Certificate Chain
    1. RA
    2. Retrieval
    3. Import CA Certificate Chain
    4. Display certificates in the CA certificate chain for importing ...
    5. CN=GTE CyberTrust Root, O=GTE Corporation,C=US
      CN=Sun Microsystems Inc Root CA, O=Sun Microsystems Inc, C=US
      CD=Sun Microsystems Inc CA (Class B), O=Sun Microsystems Inc
    6. http://hostname:8888
    7. Security
    8. Install Certificate
    9. Server Certificate Chain
    10. Message text (with headers)
    11. Cut and paste the certificate from the RA.
    12. Enter Certificate Name ONLY if certificate is not for 'This Server'
    13. Enter CN for the certificate.
    14. Click Add Server Certificate
    15. Server Administrator
    16. Manage Certificate
      (You should see webpage listing all the certificates in your web server's.)
    17. Look for and click on the entry with "CN".
    18. This will pop up a dialog showing you the certificate.
    19. Verify it.
    20. If it does, click "Quit" to dismiss the dialog.
    21. If it doesn't, click the "Trust" button.
    22. OK to Do you really want to trust this Certificate Authority? .
    23. Click OK.
  6. Verify that your Certificate works.
    1. http://hostname:8888
    2. Manage Certificate
    3. Look for "Server Cert" and "Own"
    4. Click "Server Cert"
    5. A dialog box shows you the certificate of the web server.
    6. Click Quit to dismiss the dialog.
  7. Enable SSL
    1. Preference
    2. Encryption On/Off
    3. Encryption is On.
    4. Fill in the SSL port number of your web server (default is 443).
    5. Restart the server for changes to take effect.