Creating the Liberty keystore and certificate

WebSphere® Liberty stores certificates in Java keystore files (.jks). Follow the procedure to create a Java keystore and export the appropriate certificates.

The following steps use a self-signed certificate. In a production environment, use or request a signed certificate for Liberty from a certificate authority. Place this certificate in the Liberty keystore.

Create a keystore and self-signed certificate for Liberty by using the Java keytool utility.
  1. Open a command prompt and navigate to the i2analyze\deploy\java\bin directory.
  2. Create a keystore and certificate.
    For example, run the following command:
    keytool -genkeypair -alias "libertyKey" -keystore "C:\IBM\i2analyze\i2-liberty-keystore.jks" -dname "CN=hostname" -keyalg RSA -storepass "password" -ext san=dns:hostname
    Important: Ensure that you provide values as follows:
    • Enter a unique alias.
    • Set the location of the keystore to the directory that contains the toolkit.
    • Set the value of CN and san=dns to the hostname of the server that hosts Liberty.
    • Assign a secure password.
  3. Export the certificate from the Liberty keystore.
    For example, run the following command:
    keytool -exportcert -alias "libertyKey" -keystore "C:\IBM\i2analyze\i2-liberty-keystore.jks" -file "C:\IBM\i2analyze\i2-liberty-certificate.cer" -storepass "password"

If you are using self-signed certificates, add the certificate that you exported from your Liberty keystore to the HTTP server key database. For more information, see Adding the Liberty certificate to the HTTP key database.