$: pwd

->  /opt/softwareag/wm80_01/jvm/linux160_32/jre/lib/security

$: /opt/softwareag/wm80_01/jvm/linux160_64/jre/bin/keytool -importcert -alias idnrootca -file /opt/softwareag/install/WM/webMethods-configurator/security/root/root.der -keystore cacerts -storepass changeit

Sign your certificate

You can get a CA such as verisign to sign it. Or you can sign it yourself. Here's how:

1. Download OpenSSL. I used http://www.slproweb.com/products/Win32OpenSSL.html
2. Once you have installed it go to the OpenSSL bin directory.
3. You'll need to configure the Root CA, you can do this by first deleting PEM directory and running the following commands:
4.   openssl md5 * > rand1.dat
5.  openssl genrsa -rand rand1.dat -des3 1024 > ca.key
6.  openssl req -new -key ca.key -out ca.csr
7. openssl x509 -in ca.csr -out ca.crt -req -signkey ca.key -days 3650
8. Now you can self sign the certificate. Note that you need to replace csr.pem with the CSR filename you created previously.
9. Note: To specify certificate's expiry date, add option -days at the end of this command below
10. openssl x509 -req -in csr.pem -out cert.crt -CA ca.crt -CAkey ca.key -CAcreateserial

 

Convert the Signed Certificate and CA root certficate to the DER format

Again, read CertificateToolkitUsersGuide.pdf. It will tell you how to convert a CRT to DER format.
You will need to convert ca.crt and cert.crt to DER format. ca.crt is the CA root certificate. cert.crt is the server certificate.

 

Copy the server private key, server certicate and CA root certifcate to the webmethods server.

If you're copying it to a UNIX server remember to set the transfer mode to binary.
You can copy the certificates anywhere under the IntegrationServer directory.
Config directory is a good place.
For example:

1. CA Root - config/cas/ca.der
2. Server Certificate - config/cert.der
3. Server Private Key - config/privateKey.der (you generated this using the certificate toolkit in the very first step)