If your organization purchases certificates from a certificate authority, you can import them to your application server, and no action is required by your users.
Otherwise, Jazz Reporting Service requires as a minimum its own self-signed certificate. Because self-signed certificates are not issued by a known certificate authority, they are typically not trusted by most browsers. To work around this limitation, you must generate these certificates, optionally export them to a Personal Information Exchange Syntax Standard (PKCS #12) file, and then ask your users to import them into the certificate store of their browsers.
The self-signed certificate that you generate must map to the server name shown in the URL that is used to access the application.
It is easier for Chrome and Internet Explorer users to install a PKSC#12 (.p12) file that you provide, rather than import a self-signed certificate themselves.
The following steps describe how to generate certificates in Apache Tomcat server. For information about creating self-signed certificates and a keystore on IBM® WebSphere® Application Server, see Installing a security certificate in the CLM documentation.