Refer to Apache and SSL Certificates for conceptual references.
The tool for working with SSL Certificates on IHS is called IKEYMAN.
Verify GSKit Version
Most current installs should be fine. However, you should still ensure that the GSKit packaged with IHS can start and is the minimal version for 2048 certificates.
To start GSKit regardless of the environment you must specify a JAVAHOME which points to a version of Java with JCE. IBM should have packaged the right version of java for you. On Windows, use the icon from the start menu.
I actually don't remember why I have these instructions actually.
... not sure if needed START ...
Go the command line and issue the following commands,
E:\ cd opt\IBMIHS\gsk7\bin set JAVA_HOME=E:\opt\IBMIHS\java\jre gsk7ikm.exe
... not sure if needed END ...
Which should launch GSKit (IBM Key Management program). Click Help and then About iKeyman and confirm the version to be higher than 7.0.3.18.
Load Key Database File
IBM uses the concept of a Key Database File to protect the certificate private key. The first step is to create an empty key database file using the Key Management Utility,
- Key Database File
- New
- Key database type = CMS (can explain more about the format... later but CMS if standard)
- File Name = krypton.kdb
- Browser... = C:\opt\
See if we can find a command line version of this.
Generate CSR
..
Import Private Key
...
References