Using a self-signed certificate

If you decide not to purchase a CA's certificate, you can create your own (self-signed) server or client certificate. You can also use a self-signed certificate while you are waiting for a certificate from a CA, which can take some time.

To create and use a self-signed certificate:

1. On a Windows NT server, click Start > Programs > IBM Host On-Demand > Administration > Certificate Management.
2. On an AIX server, enter CertificateManagement from a command prompt. The default location of the AIX script is /opt/IBM/server_dir/bin. Refer to Running Certificate Management on AIX for additional information.
3. Follow the instructions in the Help to create the self-signed certificate.
4. If this is a server certificate, store it in the HODServerKeyDb.kdb database and then make it available to clients. If this is a client certificate, store it in the HODClientKeyDb.kdb database, export it to a password-protected PKCS12 file and then send the file and its password to the user. Make sure the file is secure when sent to the user. If a non-secure protocol such as e-mail, http or ftp is used to send the file over the Internet, the certificate's security can be compromised.
5. Exit Certificate Management.

Related topic:

• How SSL works
• Server authentication