Using IKEYMAN for Certificate Installation

Comodo send more than one certificate. In addition to the certificate for your server Comodo send an Intermediate CA Certificate (the Comodo certificate) and a Root CA Certificate (GTE CyberTrust). Before installing the server certificate, install both of these certificates. Follow the instructions in 'Storing a CA certificate'.

Note: If the authority who issues the certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. You can then receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted Certificate Authority. For instructions see 'Storing a CA certificate'.

Storing a CA Certificate:

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
  • Select Key Database File from the main User Interface, select Open.
  • In the Open dialog box, select your key database name. Click OK.
  • In the Password Prompt dialog box, enter your password and click OK.
  • Select Signer Certificates in the Key Database content frame, click the Add button.
  • In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
  • In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
  • Select Key Database File from the main User Interface, select Open.
  • In the Open dialog box, select your key database name. Click OK.
  • In the Password Prompt dialog box, enter your password, click OK.
  • Select Personal Certificates in the Key Database content frame and then click the Receive button.
  • In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."