IBM Websphere SSL Certificate CSR Creation

NOT: The following instructions are for IBM Websphere 6.0x. You can use them for older versions of Websphere but there are some small interface differences.

The first step is to create a keystore, a file that contains the certificates and private key. You will create the keystore with IBM's Key Management Utility, which comes installed with WebSphere:

  • Start the Key Management Utility (iKeyman).
  • In the IBM Key Management Utility, click on Key Database File and then New.
  • Choose Key database type and select JKS. Give the keystore a name such as your_domain.jks.
  • Click the Browse button. Go to
    C:\Program Files\IBM\WebSphere\AppServer\profiles\default\etc
    or to a different location where you want to store your keystore file.
  • Click OK. Enter a password and click OK.
  • Click Create then New Certificate Request to bring up the Create New Key and Certificate Request dialog.
  • Type a Key Label, Common Name, Organization, Locality, State, and select a Country. Select 2048 for Key Size. For common name enter the fully qualified domain name for the site you are securing (e.g. If you are generating a Websphere CSR for a Wildcard SSL Certificatemake sure your common name starts with an asterisk (e.g. *
  • Browse for a location and enter a name for the file such as your_domain.csr and click OK.
  • You can now open that file in a text editor and paste it in to CSR request form

    NOTE; Make sure to remember where your your_domain.jks file is as it will be required later when installing your SSL certificate in IBM Websphere.

Customer Services 0850 222 444 6