Option 2 - Requesting a personal certificate

The command for requesting a personal certificate that is signed by an external Certificate Authority (CA) is described.

If you want a certificate to be signed by an external Certificate Authority (CA), you can use wvrcert to create a server certificate request by running the following command:

wvrcert -certreq -create -db $SYS_DIR/voip/keyring.db -stashed 
        -label wvr_server_certificate -dn distinguished_name -file filename

where:

-dn distinguished_name
Specifies the X.500 distinguished name, which is enclosed in double quotation marks. At least one attribute is required. You can supply multiple OU and DC attributes.
-file filename
Specifies the file name for the certificate request. This file is the one that you provide to be signed by your certificate authority.

A typical use would be like the following instance of the command:

wvrcert -certreq -create -db $SYS_DIR/voip/keyring.db -stashed -label wvr_server_certificate 
        -dn CN='echo $HOSTNAME' -file $SYS_DIR/voip/cert_request.arm

Here the Common Name (CN) value is set to be the hostname of the machine by using the AIX variable $HOSTNAME. The common name of a personal certificate must be the host name of the machine that will use it.

Parent topic: Configuring a certificate