Creating Digital Certificates

To create a secure connection between federated SIMULIA Execution Engines, you need to create digital certificates for all of the SIMULIA Execution Engines in your Federation environment using the IBM Key Management tool. This tool is included with your WebSphere installation.

In this procedure you will use self-signed certificates that contain both the private and public keys used for encryption and digital signature validation. It is also possible to create certificates from information provided by a trusted Certificate Authority (CA) such as VeriSign.

  1. Access the local SIMULIA Execution Engine.

  2. Create a directory called keys. This directory can be located anywhere on the local SIMULIA Execution Engine (for example, c:\keys). It will hold certificates and related files.

  3. Navigate to the following directory:

    <websphere_install_directory>\AppServer\bin

  4. Access the IBM Key Management dialog box, which is used to create and manage digital certificates, using one of the following methods:

    • Windows: Execute the ikeyman command.

    • Linux: Execute the ./ikeyman.sh command.

    The IBM Key Management dialog box appears.



  5. From the Key Database File menu, select New to create a new key database file.

    The New dialog box appears.

  6. From the Key database type list, verify that JKS is selected.

  7. Type server.jks in the File Name text box, where server is the name of the SIMULIA Execution Engine that you are configuring.

  8. In the Location text box, type the path to the keys directory created in Step 2.

  9. Click OK.

    The Password Prompt dialog box appears.

  10. Enter a password that will be used to protect this key file. This password is different from the passwords for any digital certificates stored in the key file.

    Important: Be sure to note this password as it will be required in later steps.

  11. Click OK.

    You are returned to the IBM Key Management dialog box.

  12. From the Key database content list, select Personal Certificates.

    The list of certificates in the center of the interface is cleared.

  13. In the lower right corner of the IBM Key Management dialog box, click New Self-Signed.

    The Create New Self-Signed Certificate dialog box appears.

  14. Specify the following settings for the new certificate:

    1. In the Key Label text box, specify the certificate name as follows, where server is the name of the local SIMULIA Execution Engine:

      server (client) self-signed certificate

    2. Verify that the Version option is set to X509 V3.
    3. Verify that the Key Size option is set to 1024.
    4. In the Common Name text box, specify the full name of the local SIMULIA Execution Engine (for example, federationsystem.company.com).
    5. In the Organization text box, specify the name of the company hosting the local SIMULIA Execution Engine.

      Note: The remaining optional settings can be filled in, if desired. However, they are not needed to successfully configure the Federation feature. The Key Label, Common Name, and Organization settings are required, but any non-empty value can be entered.

  15. Click OK.

    The certificate is created in the keys directory, and you are returned to the IBM Key Management dialog box.

  16. Extract the public part of the certificate.

    This public part is the portion of the certificate that is sent to the remote SIMULIA Execution Engine for importing as a “signer” on the remote system.

    1. In the lower right corner of the IBM Key Management dialog box, click Extract Certificate.

      Note: Do not use Export. This option performs a similar task, but it is not needed for configuring the Federation feature.

      The Extract Certificate to a File dialog box appears.

    2. From the Data type list, verify that Base64-encoded ASCII data is selected.
    3. In the Certificate file name text box, type server.arm, where server is the name of the local SIMULIA Execution Engine.
    4. In the Location text box, type the location of the keys directory.
    5. Click OK.

      The certificate is extracted.

  17. Close the IBM Key Management dialog box.

  18. Navigate to the keys directory, and verify that the following two files are present, where server is the name of the system running the SIMULIA Execution Engine:

    • server.jks

    • server.arm

  19. Repeat Steps 1 through 18 on each SIMULIA Execution Engine that you want to include in your federation environment.

  20. Proceed to Exchanging the Extracted Certificates.
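
Because a self-signed certificate has no CA chain behind it, the remote administrator can only trust an extracted server.arm file by comparing its fingerprint with one obtained from you out of band. The following Python script is an added example, not part of the original procedure or of the SIMULIA or IBM tooling; it assumes the Base64-encoded ASCII file uses standard PEM "BEGIN CERTIFICATE" framing, and the function names and sample data are hypothetical.

```python
import base64
import hashlib
import re

# Matches one PEM block (assumed framing of a Base64-encoded ASCII .arm file).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def arm_fingerprint(arm_text):
    """Return the SHA-256 fingerprint of the single certificate in an .arm file."""
    blocks = PEM_BLOCK.findall(arm_text)
    labels = [label for label, _ in blocks]
    # The file sent to the remote engine must hold only the public certificate.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains private key material; do not send it")
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected exactly one CERTIFICATE block, found %r" % labels)
    body = "".join(blocks[0][1].split())          # drop line breaks in the Base64
    der = base64.b64decode(body, validate=True)   # reject non-Base64 characters
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(arm_text, expected_fingerprint):
    """Compare with a fingerprint received out of band, ignoring case and separators."""
    def normalize(fp):
        return re.sub(r"[^0-9A-F]", "", fp.upper())
    return normalize(arm_fingerprint(arm_text)) == normalize(expected_fingerprint)

# Constructed sample: placeholder bytes in PEM framing, NOT a real certificate.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_ARM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # On a real system, read the text of server.arm from the keys directory instead.
    print(arm_fingerprint(SAMPLE_ARM))
```

Run it on each side of the exchange: the sending administrator records the fingerprint, and the receiving administrator checks the received file with same_certificate before importing it as a signer.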