Importing a certificate

You can use Digital Certificate Manager (DCM) to import certificates that are in files on your workstation or stored in IFS on your IBM® i. You can also import a certificate from another server instead of recreating the certificate on the current server.

For example, on System A you used the local CA to create a certificate for your retail web application to use to initiate TLS connections. Your business has grown recently and you have installed a new IBM i model (System B) to host more instances of this very busy retail application. You want all instances of the retail application to use an identical certificate to identify them and initiate TLS connections. Consequently, you might decide to import both the local CA certificate and the server certificate from System A to System B rather than to use the local CA on System A to create a new, different certificate for System B to use.

Follow these steps to use DCM to import a certificate:

  1. In the left-hand navigation pane, click Select a Certificate Store and select the certificate store that you want to import the certificate into.
    The certificate store that you import the certificate into must contain certificates that are the same type as the certificate that you exported on the other system. For example, if you are importing a server certificate, import it into a certificate store that contains server certificates, such as *SYSTEM or an Other System Certificate Store.
  2. In the navigation frame, select Manage Certificates.
  3. In the navigation frame, select Import certificate.
  4. Select the type of certificate that you want to import and click Continue. The type of certificate that you are importing needs to be the same type of certificate that you exported. For example, if you exported a server certificate, choose to import a server certificate.
    Note: When DCM exports a certificate in pkcs12 format, the issuing CA is included in the exported certificate chain and is therefore imported automatically when the certificate itself is imported into the certificate store by DCM. However, if the certificate is not exported in pkcs12 format and you do not have the CA certificate in the certificate store to which you are importing, you need to import the issuing CA certificate before you can import the certificate.
  5. Complete the guided task to import the certificate.
    • If the certificate is in a file on your workstation computer, browse and select the certificate file and then select Upload file to upload and import the file on your IBM i.
    • If the certificate file exists on the IBM i server, either specify the correct absolute path where the certificate is stored on the server or select Browse to search for the file in IFS and have the correct path and file name placed in the Import file field.
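
A pre-import check for the note in step 4, as an added example that is not part of the IBM documentation: it reports whether an exported file is PKCS #12 and whether the issuing CA certificate travels inside it. It assumes OpenSSL is available on the workstation that holds the file; the function names, file names and the P12_PASS variable are hypothetical, and the demo certificates are constructed.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes OpenSSL on the workstation and the
# file password in the exported environment variable P12_PASS.
# p12_has_issuer FILE returns:
#   0  PKCS #12 file that also carries the issuing CA certificate
#   1  PKCS #12 file without the issuing CA certificate
#   2  not readable as PKCS #12, or wrong password
# Names are compared as text; signatures are not verified.
p12_has_issuer() {
    f=$1
    # Certificate that belongs to the private key, printed without the key.
    leaf=$(openssl pkcs12 -in "$f" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null) || return 2
    issuer=$(printf '%s\n' "$leaf" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    subject=$(printf '%s\n' "$leaf" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$issuer" ] || return 2
    [ "$issuer" = "$subject" ] && return 0   # self-signed: it is its own issuer
    tmp=$(mktemp) || return 2
    # Any other certificates in the file (the CA chain); there may be none.
    openssl pkcs12 -in "$f" -nokeys -cacerts -passin env:P12_PASS >"$tmp" 2>/dev/null
    rc=1
    if grep -q 'BEGIN CERTIFICATE' "$tmp" &&
        openssl crl2pkcs7 -nocrl -certfile "$tmp" | openssl pkcs7 -print_certs -noout |
            sed -n 's/^subject= *//p' | grep -Fxq -- "$issuer"; then
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Builds constructed demo input in directory $1: a throwaway CA, a server
# certificate, and two PKCS #12 exports (with and without the CA certificate).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed Demo CA' \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=constructed.example' \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.pem" -certfile "$d/ca.pem" \
        -out "$d/with_ca.p12" -passout env:P12_PASS &&
    openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.pem" \
        -out "$d/no_ca.p12" -passout env:P12_PASS
}
```

A result other than 0 means the file cannot be relied on to bring its issuing CA with it, so confirm that the CA certificate is already in the target certificate store before starting the import.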