Configuring the Host On-Demand CustomizedCAs keyring

If you are using self-signed certificates or certificates from a signing agency that is not in the well-known list, use the P12Keyring utility to configure the CustomizedCAs keyring. For more details, refer to P12 Keyring utility.

Perform the following steps to configure a CustomizedCAs keyring:
  1. Ensure that Java is installed on the system.
  2. Open a Linux-based shell, for example, QSHELL or IBM i PASE shell.
  3. Navigate to the Host On-Demand publish folder in the Host On-Demand installation directory. Generally, it is /QIBM/ProdData/Host On-Demand/HOD/.
  4. Enter the command:
    java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs connect myServer.raleigh.ibm.com:702
    This command can take a few minutes to complete. If you are prompted for a password, type hod and press Enter.
  5. Select the certificate number that corresponds to the Certificate Authority (CA) that you want to add to the keyring. Be sure to add the CA certificate and not the site certificate. If the port is not responding, refer to Configuring IBM System i servers for secure connection.
  6. Repeat steps 3 to 5 for each target server.

To view the contents of the CustomizedCAs keyring, do the following:

  1. Ensure that Java is installed on the system.
  2. Open a Linux-based shell, for example, QSHELL or IBM i PASE shell.
  3. Navigate to the Host On-Demand publish folder in the Host On-Demand installation directory. Generally, it is /QIBM/ProdData/Host On-Demand/HOD/.
  4. Enter the command:
    java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs list
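
The two procedures above as one script, as an added example that is not IBM's code: it runs the connect command once per target server from a list file, refuses malformed host:port entries, and then lists the keyring. HOD_DIR, DRY_RUN, the function names and the list file are assumptions, as is support for file descriptor 3 redirection in your QSHELL or PASE shell.

```shell
#!/bin/sh
# Added example, not IBM's code. HOD_DIR, DRY_RUN, the function names and the
# server list file are assumptions; run it from the publish folder (step 3).
HOD_DIR=${HOD_DIR:-your_install_dir}   # placeholder from the page
TOOL=com.ibm.hod5sslight.tools.P12Keyring

# Accept only host:port (letters, digits, dots, hyphens; port 1-65535).
# A leading "-" is refused so an entry cannot be read as an option.
valid_target() {
    case $1 in
        *[!A-Za-z0-9.:-]*|*:*:*|:*|*:|-*) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    port=${1##*:}
    case $port in *[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Run P12Keyring against the CustomizedCAs keyring with the page's classpath;
# with DRY_RUN=1 only print the command line.
run_tool() {
    set -- java -classpath ".:$HOD_DIR/lib/sm.zip" "$TOOL" CustomizedCAs "$@"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 4 to 6: one connect per line of the list file. The list is read on
# file descriptor 3 so the tool's prompts still read from the terminal.
add_cas_for_servers() {
    rc=0
    while IFS= read -r target <&3; do
        case $target in ''|'#'*) continue ;; esac
        if valid_target "$target"; then
            run_tool connect "$target" || rc=1
        else
            echo "skipped malformed target: $target" >&2
            rc=1
        fi
    done 3<"$1"
    return "$rc"
}

# View the keyring afterwards to confirm which CA certificates were added.
list_keyring() { run_tool list; }

# Usage: add_cas_for_servers servers.txt && list_keyring
```

Each connect still stops at the certificate prompt, so the choice of the CA certificate over the site certificate in step 5 stays a manual decision per server.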
If you have multiple IBM System i machines and would like to create a single certificate that all the machines can use, consider cross certification. Refer to Managing Security, Cryptographic Services APIs, and Application System/400 Cryptographic Support/400 Version 3 for additional information about cross certification.