Creating a self-signed client certificate

The client certificate is used to log in and authenticate a user with i2 Analyze. Use the IBM Key Management utility to create a self-signed certificate.

Create a self-signed certificate to use as a client certificate to demonstrate a working configuration. If you are using client certificates that are signed by a certificate authority, you do not need to complete the following instructions.

  1. Start the IBM Key Management utility.
    For more information, see Starting the Key Management utility user interface.
    Note: The IBM® Key Management utility uses a GUI or Window Manager. If you do not have a GUI or Window Manager on your system, you can use the command line interface to complete the same actions. For more information about the command line interface, see Key Management utility command-line interface (gskcmd) syntax.
  2. Open the key database that is used for Secure Sockets Layer (SSL) connections. If you followed the instructions to set up the SSL example, the key database file is i2\i2analyze\i2-http-keystore.kdb.
    For more information about opening a key database, see Working with key databases.
  3. Create a self-signed certificate.
    For more information, see Creating a self-signed certificate.
    1. Set the Key Label to a value that enables you to identify the user.
      For example, Jenny.
    2. Ensure that the value of Common Name matches the name of a user in the user registry for i2 Analyze.
      If you are using the example user registry, set the value of Common Name to Jenny.
      Note: The user name cannot contain a comma (,).

      For this example, you can use the default values for the remaining properties.

  4. Export the certificate and private key from the key database.
    1. Click Export/Import.
    2. Ensure that Export Key is selected.
    3. From the Key file type list, select PKCS12.
    4. Set the File name to a value that enables you to identify the user.
      For example, Jenny.p12.
    5. Ensure that Location is set to the same directory as the key database.
    6. Click OK.
    7. When you are prompted, provide a password that is used to access the keys.
  5. Extract the certificate from the key database.
    1. Click Extract Certificate.
    2. From the Data type list, select Binary DER data.
    3. Set the Certificate file name to a value that enables you to identify the user.
      For example, Jenny.der.
    4. Ensure that Location is set to the same directory as the key database.
    5. Click OK.