Question: People care about sensitive data protection in social business.
The documentation in the Knowledge Center only explains how to create a self-signed certificate.
As more and more modern browsers refuse to let clients connect to sites with self-signed certificates,
how can we bring more confidence to end users?
We suggest that the customer buy an SSL certificate first. There are plenty of choices at http://www.ssls.com/
The customer purchased a PositiveSSL certificate from Comodo ($14.97 for 3 years, amazing price!).
First of all, the site admin needs to generate a new KDB file.
Using iKeyman to create a key database file
How do I create a new "Certificate Request" to send to a CA (for example, Verisign)?
Select Personal Certificate Requests.
Key Label= (Fully Qualified Domain Name, for example, conn.acme.com.cn)
Key Size= (2048 bit)
Common Name= (Fully Qualified Domain Name, for example, conn.acme.com.cn)
Note: This is the name that the CA will register, so it is important that it matches the actual SiteName.
Organization= (Company Name, for example, ACME)
"Enter the name of a file in which to store the certificate request"
Note: This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what the CA (e.g., Verisign) needs you to provide.
*Saving this file (.arm) in the same directory as the (.kdb) file is recommended.
5. Once you save the file (.arm) you are done with creating the request.
6. You must now choose a CA and follow the CA's instructions for sending them the "Certificate Request".
If you choose PositiveSSL from Comodo, follow instructions here to activate the certificate:
7. Validated domain ownership by entering the verification code sent to email@example.com
8. Received 4 files in email from Comodo:
> Signer Certificates:
> Personal Certificate:
Followed the instructions from Comodo to install the CA certificate into the new kdb created earlier:
How do I receive the Certificate into the Key Database File (.kdb) file after getting it back from the CA?
Note: CAs usually send back an email with the certificate information provided as text in the email.
Take the information provided in the email and copy it into a text file.
Save the text file with a .cert extension or .arm extension.
Highlight the 3 CA-provided files (AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt) and click Open.
Replaced the key.kdb and key.sth on IBM HTTP Server and recycled IBM HTTP Server.
Wow, there are no more SSL certificate error warnings from web browsers!
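The Common Name and key size typed into the request form can be checked in the saved .arm file before it is sent to the CA, since the CA registers whatever name the request carries. The Go program below is an added example, not part of the original post or of IBM's tooling; CheckCSR and sampleCSR are hypothetical names, and the sample request is constructed in memory using the conn.acme.com.cn name from the steps above.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// CheckCSR (hypothetical helper) inspects a PEM certificate request (.arm) before it goes to the CA.
func CheckCSR(arm []byte, siteName string, minBits int) error {
	block, _ := pem.Decode(arm)
	if block == nil {
		return fmt.Errorf("no PEM block found in request file")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return fmt.Errorf("parse request: %w", err)
	}
	if csr.Subject.CommonName != siteName {
		return fmt.Errorf("common name %q does not match site %q", csr.Subject.CommonName, siteName)
	}
	pub, ok := csr.PublicKey.(*rsa.PublicKey)
	if !ok || pub.N.BitLen() < minBits {
		return fmt.Errorf("key is not RSA with at least %d bits", minBits)
	}
	return nil
}

// sampleCSR builds a constructed request in memory so the example runs offline.
func sampleCSR(cn string, bits int) []byte {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn, Organization: []string{"ACME"}}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "NEW CERTIFICATE REQUEST", Bytes: der})
}

func main() {
	arm := sampleCSR("conn.acme.com.cn", 2048)
	fmt.Println("matching site name:", CheckCSR(arm, "conn.acme.com.cn", 2048))
	fmt.Println("wrong site name:", CheckCSR(arm, "www.acme.com.cn", 2048))
}
```

To check a real request, read the .arm file's bytes and pass them to CheckCSR in place of the constructed sample.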