Software AG Products 10.11 | Administering Integration Server | Configuring Integration Server for Secure Communications | Preparing to Configure SSL in Integration Server | Creating Public/Private Keys and Certificates for Integration Server
 
Creating Public/Private Keys and Certificates for Integration Server
Integration Server needs public/private key pair and certificates to use as an SSL server and as an SSL client. Generating a public/private key pair for Integration Server consists of the following general steps which can vary depending on the CA that is used.
1. Use a standard certificate management tool, such as OpenSSL or Portecle, to generate a private/public key pair for Integration Server.
2. Place the public key in a certificate signing request (CSR).
3. After creating the CSR, send it to the CA to sign the CSR. Request the certificate in DER format. If you receive a certificate in PEM format (or any format other than DER), you need to convert it to DER format.
The signing CA's certificate attests to the identity of the CA that signed the digital certificate for the Integration Server. The CA should send this certificate to you when it sends you the digital certificate for the Integration Server.
4. After you receive your signed certificate from the CA, you need to import the certificate into a keystore.
You will then have an SSL certificate and private key to use with Integration Server.
In general, you will repeat the steps after creation of the key pair about every year or two years, at the time you need to renew the certificate.
If certificates contain certificate extensions that you want Integration Server to validate, set the watt.security.cert.wmChainVerifier.enforceExtensionsChecks server configuration property to true.