Free Trial
Contact Us

Knowledge Base

Knowledge BaseSSL

How to Generate a CSR and Install a SSL Certificate on IBM HTTP Server? 

Updated on April 3, 2026

 

Overview 

This article explains how to create a Certificate Signing Request (CSR) and install an SSL certificate on an IBM HTTP Server using the IBM Key Management utility (iKeyman)

The process consists of two main stages: 

  1. Generating the CSR 
  1. Installing the SSL certificate 

Part 1: Generating a CSR on IBM HTTP Server 

IBM HTTP Server uses the iKeyman tool (IBM Key Management Utility) along with GSKit to generate the CSR. 

Prerequisites 

Before proceeding, ensure the following: 

  • IBM HTTP Server is installed. 
  • GSKit is available on the system. 
  • The iKeyman utility can be launched on the server. 

Step 1: Create a Key Database File (.kdb) 

The key database file will store the certificate and its associated keys. 

  1. Launch the iKeyman utility
  • On Windows: Navigate to 
    Start     Programs IBM HTTP Server Key Management (iKeyman)
  • On Unix/Linux: Run the command: 

ikeyman 

  1. From the main menu, select Key Database File
  1. Click New to create a new database. 
  1. Enter the following details: 

File Name 
Provide a name for the database file (for example: server.kdb). 

Location 
Choose the directory where the database file will be stored. 

  1. Create a secure password for the database. 
  1. Enable the option to stash the password, which will generate a .sth file used by the server to access the key database automatically. 
  1. Click OK to complete the database creation. 

Step 2: Generate the CSR 

After creating the key database, you can proceed with generating the CSR. 

  1. Open the newly created .kdb file using the iKeyman utility
  1. In the Key Database Content section, expand the drop-down menu. 
  1. Select Personal Certificate Requests
  1. Click New to begin creating a CSR. 
  1. Enter the required certificate details: 

Key Label 
A recognizable name for the certificate (for example: yourdomain_ssl). 

Key Size 
Use 2048 bits for the key length. 

Common Name (CN) 
Enter the Fully Qualified Domain Name (FQDN) you want to secure. 
Example: www.yourdomain.com 

Organization (O) 
The full legal name of your organization. 

Organizational Unit (OU) 
This field is optional and often deprecated. You may enter NA if not required. 

Locality (L) 
City where your organization operates. 

State/Province (ST) 
Full name of the state or region. 

Country (C) 
Two-letter country code (example: US, UK, IN). 

  1. Specify a name for the CSR output file
  1. Save the file (usually with .arm or .csr extension) in the same directory as the key database. 

 

Submitting the CSR and SSL issuance 

Open the CSR file using a text editor such as Notepad and copy the entire contents. 

Login to store.sectigo.com > navigate to the order > click on setup > submit the CSR and other necessary details > perform the validation to get the SSL issued. 

 

Part 2: Installing the SSL Certificate on IBM HTTP Server 

After the SSL certificate is issued, you will receive a certificate bundle from the Certificate Authority. 

This bundle usually contains: 

  • Root certificate 
  • Intermediate certificate 
  • Server certificate 

Step 1: Extract Certificate Files 

Download the certificate bundle and extract the files. 

Ensure the following certificates are available: 

  • Root Certificate 
  • Intermediate Certificate 
  • Primary (Server) Certificate 

Step 2: Import Root and Intermediate Certificates 

  1. Launch iKeyman
  1. Open your Key Database file (.kdb)

Key Database File Open 

  1. Enter the database password. 
  1. In Key Database Content, select: 

Signer Certificates 

  1. Click Add
  1. Import the certificates in the following order: 
  1. Root Certificate 
  1. Intermediate Certificate 

These certificates establish the trust chain required for the SSL certificate. 

Step 3: Install the Server Certificate 

Once the chain certificates are installed, proceed with importing the server certificate. 

  1. In Key Database Content, select: 

Personal Certificates 

  1. Click Receive
  1. Browse and select the server certificate file (for example: yourdomain.crt). 
  1. Click OK to complete the installation. 

The server certificate will automatically associate with the private key generated during the CSR creation process. 

Final Step: Restart IBM HTTP Server 

After completing the certificate installation, restart the IBM HTTP Server for the changes to take effect. 

Once the server restarts, HTTPS connections should begin using the newly installed SSL certificate. 

 

Troubleshooting 

Certificate Not Showing in Personal Certificates 

Ensure the certificate matches the CSR generated earlier. The certificate must correspond to the same private key stored in the .kdb file. 

Key Database Password Issues 

Verify that the .sth file exists in the same directory as the .kdb file. 

Browser Shows Certificate Chain Error 

Confirm that both Root and Intermediate certificates were imported correctly. 

Need help?

Need help making a purchase? Contact us today to get your certificate issued right away.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start Chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources