Configuring the Cryptographic Coprocessor for use with DCM and SSL

This topic provides information on how to make the Cryptographic Coprocessor ready for use with SSL in IBM i.

The following section lists the steps needed to make the Cryptographic Coprocessor ready for use with SSL.

Using your Coprocessor with DCM and SSL

To install the Cryptographic Coprocessor and prerequisite software, you must do the following:

  • Install the Coprocessor in your system.

    For feature EJ32 or EJ33, install your Cryptographic Coprocessor, as instructed in the instructions that are shipped with your Cryptographic Coprocessor.

  • Install IBM i Option 35 CCA CSP and 5733-CY3 Cryptographic Device Manager.
  • Set IBM i object authorities for secure access.
  • Use your web browser to go to the IBM i Tasks page found by clicking on the IBM i Tasks page link on the IBM Navigator for i welcome page at http://server-name:2001.
  • Configure the Coprocessor.
The Cryptographic Coprocessor is now ready to be used to create private keys for SSL certificates.
  • Use DCM to create a certificate, specifying that the private key be generated by the hardware.
  • Use DCM to receive the signed certificate.
Note: If you plan to use multiple cards for SSL, see Managing multiple Cryptographic Coprocessors and Cloning master keys.