Completing planning work sheets

The following planning work sheets demonstrate the information that you need to gather and the decisions you need to make to prepare the digital certificate implementation that this scenario describes. To ensure a successful implementation, you need to be able to answer Yes to all prerequisite items and you need to have gathered all the information requested before you perform any configuration tasks.

Table 1. Certificate implementation prerequisite planning work sheet
Prerequisite work sheet Answers
Is your system running a supported version of IBM® i? Yes
Do you have Digital Certificate Manager installed on your system? Yes
Is the IBM HTTP Server for i installed on your system and Administrative server instance started? Yes
Is TCP configured for your system so that you can use a Web browser and the HTTP Server Administrative server instance to access DCM? Yes
Do you have *SECADM and *ALLOBJ special authorities? Yes

You need to gather the following information about your digital certificate implementation to perform the necessary configuration tasks to complete the implementation:

Table 2. Certificate implementation configuration planning work sheet
Planning work sheet for System A Answers
Will you operate your own local CA or obtain certificates for your application from a public CA? Obtain certificate from public CA
Does System A host the applications that you want to enable for TLS? Yes
What distinguished name information will you use for the certificate signing request (CSR) that you use DCM to create?
  • Key size: determines strength of cryptographic keys for certificate.
  • Key algorithm: select key algorithm to use for generating the certificate's public and private keys.
  • Certificate label: identifies the certificate with a unique string of characters.
  • Common name: identifies the owner of the certificate, such as a person, entity, or application; part of the Subject DN for the certificate.
  • Organization unit: identifies the organizational section or area for the application that will use this certificate.
  • Organization name: identifies your company or divisional section for the application that will use this certificate.
  • Locality or city: identifies your city or a locality designation for your organization.
  • State or province: identifies the state or province in which you will use this certificate.
  • Country or region: identifies, with a two-letter designation, the country or region in which you will use this certificate.
Key size: 2048Key algorithm: RSA or ECDSACertificate label: Myco_public_certCommon name: myco_rate_server@myco.comOrganization unit: Rate deptOrganization name: mycoLocality or city: Any_cityState or province: AnyCountry or region: ZZ
What is the DCM application ID for the application that you want to configure to use TLS? mcyo_agent_rate_app
Will you configure the TLS-enabled application to use certificates for client authentication? If yes, which CAs do you want to add to the application's CA trust list? No