Sun Java System Web Server 7.0 Update 4 Administrator's Guide

ProcedureTo Request a Certificate

  1. Click Server Certificates tab > Request button.

  2. Select a configuration from the configuration list for which you need to install the certificate.

  3. Select the token (Cryptographic Device), which contains the keys.

  4. If your key is stored in the local key database maintained by the server, choose internal. If your key is stored in a Smart Card or other external device or engine, choose the name of the external token from the drop-down list box. Enter the password for the selected token.

  5. Enter Details.

    Before you begin the request process, make sure you know what information your CA requires. Whether you are requesting a server certificate from a commercial CA or an internal CA, you need to provide the following information:

    • Server Name must be the fully qualified hostname used in DNS lookups (for example, This is the hostname in the URL that a browser uses to connect to your site. If these two names do not match, a client is notified that the certificate name doesn’t match the site name, creating doubt about the authenticity of your certificate.

      You can also enter wildcard and regular expressions in this field if you are requesting a certificate from an internal CA. Most vendors will not approve a certificate request with a wildcard or regular expression entered for common name.

    • Organization is the official, legal name of your company, educational institution, partnership, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).

    • Organizational Unit is an optional field that describes an organization within your company. This can also be used to note a less formal company name (without the Inc., Corp., and so on).

    • Locality is an optional field that usually describes the city, principality, for the organization.

    • State or Province is optional.

    • Country is a two-character abbreviation of your country name (in ISO format). The country code for the United States is US.

    All this information is combined as a series of attribute-value pairs called the distinguished name (DN), which forms the subject of the certificate.

  6. Choose Certificate Options

    You are required to provide the key information. For key type, you can choose RSA or ECC. If the key type is RSA, the key size can be 1024, 2048 or 4098. If your key type is ECC you will also need to select a curve. Keep in mind that generating a new key pair takes time. The longer the key length the longer the time the wizard takes to generate it.

    Caution – Caution –

    Be sure to select a key type that the CA (to which you will later submit the request for signing) can support.

  7. Select Certificate Type.

    Select the Certificate Signing Authority (CSA) for the certificate (self-signed or CA signed). If you are selecting a self-signed certificate, you can also associate an HTTP Listener for the certificate. You can also perform this action later.

  8. Generate Request.

    The generated certificate request will be available in ASCII format in case of CA signed certificate. In case of self-signed certificate, it will be installed directly. If the type is self-signed, provide values for nickname, validity (Months) and the HTTP Listener name for handling secure requests.

  9. View Results.

    This page provides you with the summary of selected options. Click Finish to complete the request generation.

    Note –

    Using CLI

    To request a certificate through CLI, execute the following command.

    wadm> create-cert-request --user=admin --password-file=admin.pwd 
    --host=serverhost --port=8989 --config=config1 
    --org=sun --country=ABC --state=DEF --locality=XYZ --token=internal

    See CLI Reference, create-cert-request(1).

    Note –

    To create a self-signed certificate through CLI, see Creating a Self-Signed Certificate.