MBAeSecurity Resources


2007

6. Type the current password, and choose Strong for Encryption Strength.
7. Click OK.

Creating a client certificate request

Some CAs have Web pages that you can access for requesting certificates. That is the easiest way to obtain a client certificate. To create a request in Certificate Management:

1. On a Windows server, click Start > Programs > IBM Host On-Demand > Administration > Certificate Management.
2. On an AIX server, enter CertificateManagement from a command prompt. The default location of the AIX script is /opt/IBM/HostOnDemand/bin. Please refer to Running Certificate Management on AIX for additional information.
3. Create a HODClientKeyDb.kdb database.
4. Follow the instructions in the Help to create the certificate request.
5. Exit Certificate Management.
6. Send the certificate request to the CA.

Sending the certificate request to the CA

Access the CA's Web site and then follow the instructions to request the certificate. Here are the URLs of two CAs:

• VeriSign: http://www.verisign.com/
• Thawte: http://www.thawte.com/

Depending on the CA you choose, you can either e-mail the certificate request or incorporate the request into the form or file provided by the CA. If you need the CA's root certificate, you can often get it directly from the Web site. While you are waiting for the CA to process your certificate request, you can create a self-signed certificate to use.

Receiving the certificate

When you receive the certificate, make sure that it is in armored-64 or binary DER format. Only certificates in these formats can be stored in the key database. The Certificate Management program can only accept simple certificates. It cannot accept certificate chains or PKCS7 data. The armored-64 form of a simple certificate starts with "----BEGIN CERTIFICATE----" and ends with "----END CERTIFICATE----". To receive the certificate:

1. Click Start > Programs > IBM Host On-Demand > Administration > Certificate Management.
2. Add the certificate to the key database, HODClientKeyDb.kdb.
3. Export the certificate into a password-protected PKCS12 (.p12 file type) file. Send the certificate and password to the user.

26 | Стефан Дражев, ste@bultima.net
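A pre-import check for the format rule above, as an added example that is not part of the original document or of IBM's tooling: it tells a simple certificate (armored-64 or binary DER) apart from a chain or PKCS7 data before the file is offered to Certificate Management. The function names and the sample byte strings are assumptions constructed for illustration, and the check is structural only (it does not validate signatures or fields).

```python
import base64
import binascii
import re

# The page prints the markers with four dashes; files in practice usually
# carry five, so either count is accepted here.
PEM_RE = re.compile(rb"-{4,5}BEGIN ([A-Z0-9 ]+)-{4,5}(.*?)-{4,5}END \1-{4,5}", re.S)
# DER encoding of the PKCS #7 signedData OID 1.2.840.113549.1.7.2
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
# Constructed samples: minimal DER shells, not real certificates.
CERT_LIKE = bytes.fromhex("30053003020100")       # SEQUENCE { SEQUENCE { ... } }
PKCS7_LIKE = bytes.fromhex("300b") + PKCS7_SIGNED_DATA  # SEQUENCE { OID ... }

def armor(der: bytes, label: bytes = b"CERTIFICATE") -> bytes:
    """Wrap DER bytes in armored-64 (base64 with BEGIN/END markers)."""
    body = base64.b64encode(der)
    return b"-----BEGIN " + label + b"-----\n" + body + b"\n-----END " + label + b"-----\n"

def der_kind(der: bytes) -> str:
    """Classify one DER blob by its outer SEQUENCE and first inner element."""
    if len(der) < 2 or der[0] != 0x30:
        return "not-der"
    first = der[1]
    hdr = 2 if first < 0x80 else 2 + (first & 0x7F)
    length = first if first < 0x80 else int.from_bytes(der[2:hdr], "big")
    if hdr + length != len(der):      # truncated, or extra data after the object
        return "not-der"
    body = der[hdr:]
    if body.startswith(PKCS7_SIGNED_DATA):
        return "pkcs7"
    return "certificate" if body[:1] == b"\x30" else "not-der"

def classify(data: bytes) -> str:
    """Report whether a received file is a simple certificate in an accepted format."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        return "reject: certificate chain"
    label, fmt, der = b"CERTIFICATE", "binary DER", data
    if blocks:
        label, fmt = blocks[0][0], "armored-64"
        try:
            der = base64.b64decode(blocks[0][1])
        except binascii.Error:
            return "reject: not armored-64 or DER"
    kind = der_kind(der)
    if kind == "pkcs7" or label == b"PKCS7":
        return "reject: PKCS7 data"
    if kind == "certificate" and label == b"CERTIFICATE":
        return "ok: " + fmt
    return "reject: not armored-64 or DER"
```
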

