Creating New Key Pair and Certificate Request

You can use option 3 from the Key database menu to create a new key pair and a certificate request.

Procedure

  1. From the Key database menu, enter option 3 to create a new key pair and a certificate request.
  2. Enter the file name where the certificate request is stored.
    If you do not enter a file name, the certificate request is stored in the current working directory under the name certreq.arm.
  3. Enter a label for this key.
    Note: The label name is case sensitive. The label is important because it is used in the platform server GLOBAL SSL_DNLABEL parameter. If you want to use this parameter, you must enter the label without any embedded spaces.
  4. Enter the desired key strength.
    If you do not enter a key strength, the default value of 512 is used.
    Select desired key size from the following options (512):
        1:    512
        2:    1024
        Enter the number corresponding to the key size you want:
  5. Enter the following certificate subject name fields.
    • Common Name: typically the name of the user or machine where the key is used. This field is required.
    • Organization: typically the name of the company or organization. This field is required.
    • Organization Unit: the name of the department. This field is optional.
    • City/Locality: the city where you are located. This field is optional.
    • State/Province: the state where you are located. This field is optional.
    • Country Name: the 2-character code of the country where you are located. This field is required.
    The following message is then displayed indicating that the request is being created.

    Please wait while key pair is created...

    When the key is created, the following message is displayed. You can enter 0 to exit gskkyman.

    Your request has completed successfully, exit gskkyman? (1=yes, 0=no):

Result

At this point, you can edit the file where the certificate request is created. You can use the TSO OEDIT command to edit the data set. See the following example of a certificate request file:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBKzCB1gIBADBxMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxFDASBgNVBAcT
C0dhcmRlbiBDaXR5MREwDwYDVQQKEwhQcm9naW5ldDEUMBIGA1UECxMLRGV2ZWxv
cG1lbnQxFjAUBgNVBAMTDVByb2dpbmV0IFVzZXIwXDANBgkqhkiG9w0BAQEFAANL
ADBIAkEA5g/R9hXIWYe8MJBgNIpn2qB2B1ZT23URKBClWd3+yQ0a++tZpYXqmGfN
ojfDYjgLM8WJazMd49nP8r1Fy6fFpQIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQAW
nEnXjl8zstNnZCSFakfJzNdprLBSTtvyBpH3OML0YjS4yIhMQ+hw2f+CMXYgWQWs
4aDWVBZHRvaXzvkFDTlp
-----END NEW CERTIFICATE REQUEST-----
You can send the certificate request to the certificate authority, or you can paste it into an email or into a web interface. When the certificate authority has processed the certificate request and has created a certificate, you can proceed to the next step.
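
An added example, not part of the original page or of gskkyman: a check that can be run on a request file like the one above before it is sent to the certificate authority, reporting the RSA key size chosen in step 4 and the algorithm used to sign the request. The 2048-bit minimum, the list of weak signature algorithms, and the names check_csr, tlvs and oid are assumptions of this example.

```python
import base64, re

SAMPLE_CSR = """-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBKzCB1gIBADBxMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxFDASBgNVBAcT
C0dhcmRlbiBDaXR5MREwDwYDVQQKEwhQcm9naW5ldDEUMBIGA1UECxMLRGV2ZWxv
cG1lbnQxFjAUBgNVBAMTDVByb2dpbmV0IFVzZXIwXDANBgkqhkiG9w0BAQEFAANL
ADBIAkEA5g/R9hXIWYe8MJBgNIpn2qB2B1ZT23URKBClWd3+yQ0a++tZpYXqmGfN
ojfDYjgLM8WJazMd49nP8r1Fy6fFpQIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQAW
nEnXjl8zstNnZCSFakfJzNdprLBSTtvyBpH3OML0YjS4yIhMQ+hw2f+CMXYgWQWs
4aDWVBZHRvaXzvkFDTlp
-----END NEW CERTIFICATE REQUEST-----"""  # the example request shown on this page
MIN_RSA_BITS = 2048  # assumed policy floor for this check, not a gskkyman setting
WEAK_SIG = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def tlvs(buf):  # split DER bytes into a list of (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            end = pos + (length & 0x7F)
            length, pos = int.from_bytes(buf[pos:end], "big"), end
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid(val):  # decode OBJECT IDENTIFIER content bytes to dotted form
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the arc
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def check_csr(pem):
    """Return (rsa_bits, signature_oid, findings) for a PEM PKCS#10 request."""
    b64 = re.search(r"REQUEST-----(.+?)-----END", pem, re.S).group(1)
    info, sig_alg, _sig = tlvs(tlvs(base64.b64decode("".join(b64.split())))[0][1])
    key_alg, key = tlvs(tlvs(info[1])[2][1])  # SubjectPublicKeyInfo fields
    if oid(tlvs(key_alg[1])[0][1]) != "1.2.840.113549.1.1.1":
        raise ValueError("not an RSA key")
    modulus = tlvs(tlvs(key[1][1:])[0][1])[0][1]  # [1:] skips the unused-bits byte
    bits = int.from_bytes(modulus, "big").bit_length()
    sig_oid = oid(tlvs(sig_alg[1])[0][1])
    findings = []
    if bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {bits} bits, below {MIN_RSA_BITS}")
    if sig_oid in WEAK_SIG:
        findings.append(f"request is signed with {WEAK_SIG[sig_oid]}")
    return bits, sig_oid, findings
```

For the sample request on this page, check_csr reports a 512-bit key and an MD5-based request signature.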