Creating a Self-Signed Certificate

You can generate a self-signed certificate if you do not need your certificate to be signed by a CA, or if you wish to test your new SSL implementation while the CA is in the process of signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To create a self-signed certificate through CLI, execute the following command.

wadm> create-selfsigned-cert --user=admin --port=8989 --password-file=admin.pwd 
--config=config1 --token=internal --org-unit=org1 --locality=XYZ --state=DEF 
--validity=10 --org=sun --country=ABC --server-name=serverhost --nickname=cert1

See CLI Reference, create-selfsigned-cert(1).

Importing Self-signed Certificate to IE Browser

The Web Server installer should import the admin self-signed certificate into the IE certificate tab. When the Admin console is accessed using a browser, a pop-up window (in the case of IE6 and Mozilla/Firefox) or a warning page (IE7) may appear stating that the certificate is not issued by a trusted certificate authority. This is because the administration server uses a self-signed certificate. To proceed to the Administration GUI login page, do the following:

• OnMozilla/Firefox, click theOK button in the pop-up window.

• On Internet Explorer 6, click the Yes button in the pop-up window.

• On Internet Explorer 7, click the "Continue to this web site" link in the page.

These procedures will accept the certificate temporarily for that browser session. To accept the certificate permanently, follow the steps below:

• On Firefox/Mozilla:

  Select the Accept this certificate permanently radio button in the pop-up window and click OK.

• On Internet Explorer 6.0:

  1. Click the View Certificate button in the pop-up window.

     Another pop-up window appears

  2. Click the Certification Path tab and select the admin-ca-cert.

  3. Click the View Certificate button and then click the Install Certificate... button. This action invokes the certificate import wizard using which you can import the admin CA certificate into the trusted root certificate database.

• On Internet Explorer 7:

  1. Click the Continue to this website link on the warning page. The login page is displayed.

  2. Click the Certificate Error link located next to the address bar. A warning window is displayed. Click the View certificates link.

  3. Follow the steps 1 to 3 as described in the section On Internet Explorer 6 to import the admin CA certificate into the trusted root certificate database.