Creating a user certificate

If you want to use digital certificates for user authentication, users must have certificates. If you use Digital Certificate Manager (DCM) to operate a private local Certificate Authority (CA), you can use the local CA to issue certificates to each user.

Each user must access DCM to obtain a certificate by using the Create Certificate task. In order to obtain a certificate from the local CA, the CA policy must allow the CA to issue user certificates.

To obtain a certificate from the local CA, complete these steps:

  1. Start DCM. Refer to Starting DCM.
  2. In the navigation frame, select Create Certificate.
  3. Select User certificate as the type of certificate to create. A form displays so that you can provide identifying information for the certificate.
  4. Complete the form and click Continue.
    Note: If you have questions about how to complete a specific form in this guided task, select the question mark (?) at the top of the page to access the online help.
  5. At this point, DCM works with your browser to create the private and public key for the certificate. Your browser may display windows to guide you through this process. Follow the browser's instructions for these tasks. After the browser generates the keys, a confirmation page displays to indicate that DCM created the certificate.
  6. Install the new certificate in your browser software. Your browser may display windows to guide you through this process. Follow the instructions that the browser gives to complete this task.
  7. Click OK to complete the task.

During processing, the Digital Certificate Manager automatically associates the certificate with your IBM® i user profile.

If you want a certificate from another CA that a user presents for client authentication to have the same authorities as their user profile, the user can use DCM to assign the certificate to their user profile.