Generating an ECC certificate request and a private key

Use the certificate request program (reqtool on Windows, create_cert_req on UNIX) to generate a private key and a request for an ECC certificate from iAnywhere Solutions. The private key enables M-Business Server to encrypt its transactions. Send the certificate request to iAnywhere Solutions for signing; iAnywhere Solutions signs the certificate with the iAnywhere Solutions Root Certificate and sends you the certificate file, which you must install on your server.

To generate an ECC certificate request and a private key
  1. Run the certificate request program.

    Windows:

    • Open Windows Explorer.
    • Navigate to the <M-Business_Home>/conf directory.
    • Double-click the reqtool.exe file.

    UNIX:

    • Open a UNIX shell window.
    • Change to the <M-Business_Home>/conf directory.
    • Enter ./create_cert_req

    The certificate request program runs. You will be prompted to enter a password and identification information. Press <Enter> after each response, or to skip to the next field.

  2. When prompted, provide the following information, pressing <Enter> after each response:

    • Your country code (Example: U.S.).

    • Your full state or province (Example: California).

    • Your locality/city (Example: San Mateo).

    • Your company name (Example: MyCompany, Inc.).

    • Your organizational unit, branch, or division (Example: Internal Support).

    • The common name of the server on which M-Business Server is installed.

    • A password that will protect your private key.

      Note

      This password must consist of no more than 64 alphanumeric characters (A – Z, a – z, and 0 – 9).

    • Your M-Business Server license key.

      Note

      This information is required.

    • A file name for the request (Example: companyname.req).

      The certificate request program (reqtool on Windows) generates this file automatically and places it in your <M-Business_Home>/conf directory.

    • A file name for the private key (Example: companyname.priv).

Successful execution of the certificate request program produces three files: a certificate request, an encrypted private key, and a log file. The log file contains the passphrase to the encrypted private key.

Together, these three files provide everything necessary to eavesdrop on encrypted traffic between M-Business Client and M-Business Server. For this reason, it is critical that you never send the encrypted private key or the passphrase to any outside party, including iAnywhere Solutions.

To issue a certificate, iAnywhere Solutions needs only the certificate request. If you encounter problems installing your certificate, the Technical Support department may request a copy of the reqtool log file. Remove your private-key password from the log file before sending it. Once you have successfully installed your certificate, you may want to consider deleting the log file entirely.
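The following is an added example, not part of the original documentation or the vendor's tooling, of removing the private-key password from a copy of the log before it goes to Technical Support. It assumes the log is plain text in the system's default encoding; the function names and the `[REDACTED]` marker are hypothetical, and no particular log layout is assumed because the page does not describe one.

```python
"""Added example: write a passphrase-free copy of the request-tool log."""
import getpass
import re
import sys
from pathlib import Path

# Documented constraint: at most 64 characters from A-Z, a-z and 0-9.
PASSPHRASE_RE = re.compile(r"[A-Za-z0-9]{1,64}")
MARKER = "[REDACTED]"  # hypothetical placeholder text


def redact_log(text, passphrase):
    """Return (redacted text, number of occurrences replaced)."""
    if not PASSPHRASE_RE.fullmatch(passphrase):
        raise ValueError("passphrase does not match the documented format")
    count = text.count(passphrase)
    redacted = text.replace(passphrase, MARKER)
    # Fail closed: no copy of the secret may survive the replacement.
    if passphrase in redacted:
        raise RuntimeError("passphrase still present after redaction")
    return redacted, count


def write_support_copy(log_path, out_path, passphrase):
    """Write a redacted copy; the original log is left untouched."""
    text = Path(log_path).read_text(errors="replace")
    redacted, count = redact_log(text, passphrase)
    if count == 0:
        # The log is documented to contain the passphrase. If it was not
        # found it was probably mistyped, so do not emit a file that only
        # looks safe to send.
        raise RuntimeError("passphrase not found in log; nothing written")
    Path(out_path).write_text(redacted)
    return count


if __name__ == "__main__":
    src, dst = sys.argv[1], sys.argv[2]
    # getpass keeps the passphrase out of shell history and the process list.
    secret = getpass.getpass("Private-key passphrase: ")
    n = write_support_copy(src, dst, secret)
    print(f"redacted {n} occurrence(s); send {dst}, not {src}")
```

Send only the redacted copy, and keep the original log and the private key file in the conf directory with access restricted to the server account until you delete the log.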

Note

ECC certificates generated by M-Business Server version 7.0 and later are incompatible with ECC certificates generated by M-Business Server version 6.7 and earlier. You can determine whether an ECC certificate is compatible with M-Business Server version 7.0 and later by checking the certificate serial number: a value of 03 means the certificate is compatible with M-Business Server version 7.0 and later; a value of 02 means the certificate is compatible with M-Business Server version 6.7 and earlier.

