Sun Java System Web Server 7.0 Update 7 Administrator's Guide

Creating a Self-Signed Certificate

You can generate a self-signed certificate if you do not need your certificate to be signed by a CA, or if you wish to test your new SSL implementation while the CA is in the process of signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To create a self-signed certificate through CLI, execute the following command.

wadm> create-selfsigned-cert --user=admin --port=8989 --password-file=admin.pwd 
--config=config1 --token=internal --org-unit=org1 --locality=XYZ --state=DEF 
--validity=10 --org=sun --country=ABC --server-name=serverhost --nickname=cert1

See CLI Reference, create-selfsigned-cert(1).

Importing Self-signed Certificate to IE Browser

The Web Server installer should import the admin self-signed certificate into the IE certificate tab. When the Admin console is accessed using a browser, a pop-up window (in the case of IE6 and Mozilla/Firefox) or a warning page (IE7) may appear stating that the certificate is not issued by a trusted certificate authority. This is because the administration server uses a self-signed certificate. To proceed to the Administration GUI login page, do the following:

These procedures will accept the certificate temporarily for that browser session. To accept the certificate permanently, follow the steps below: