If you want to use digital certificates for user authentication,
users must have certificates. If you use Digital Certificate Manager (DCM)
to operate a private local Certificate Authority (CA), you can use the local
CA to issue certificates to each user.
Each user must access DCM to obtain a certificate by using the Create
Certificate task. In order to obtain a certificate from the local
CA, the CA policy must allow the CA to issue user certificates.
To
obtain a certificate from the local CA, complete these steps:
- Start DCM. Refer to Starting
DCM.
- In the navigation frame, select Create Certificate.
- Select User certificate as the type of certificate
to create. A form displays so that you can provide identifying information
for the certificate.
- Complete the form and click Continue.
Note: If you have questions about how to complete a specific form in
this guided task, select the question mark (?) at the
top of the page to access the online help.
- At this point, DCM works with your browser to create the private
and public key for the certificate. Your browser may display windows to guide
you through this process. Follow the browser's instructions for these tasks.
After the browser generates the keys, a confirmation page displays to indicate
that DCM created the certificate.
- Install the new certificate in your browser software. Your browser
may display windows to guide you through this process. Follow the instructions
that the browser gives to complete this task.
- Click OK to complete the task.
During processing, the Digital Certificate Manager
automatically associates the certificate with your IBM® i user
profile.
If you want a certificate from another CA that a user presents
for client authentication to have the same authorities as their user profile,
the user can use DCM to assign the certificate to their user profile.