Setting up certificates for the first time

The left frame of Digital Certificate Manager (DCM) is the task navigation frame. You can use this frame to select a wide variety of tasks for managing certificates and the applications that use them.

Which tasks are available depends on which certificate store (if any) you work with and on the special authorities of your user profile. Most tasks are available only if you have *ALLOBJ and *SECADM special authorities. To use DCM to verify object signatures, your user profile must also have *AUDIT special authority.

When you use Digital Certificate Manager (DCM) for the first time, no certificate stores exist. Consequently, when you initially access DCM, the navigation pane displays only these tasks and only when you have the necessary special authorities:
  • Manage User Certificates.
  • Create New Certificate Store.
  • Create a Certificate Authority (CA). (Note: After you use this task to create a private local CA, this task no longer appears in the list.)
  • Manage CRL Locations.
  • Manage LDAP Location.
  • Manage PKIX Request Location.
  • Return to IBM® i Tasks page.

Even if certificate stores already exist on your system (for example, you are migrating from an earlier version of DCM), DCM displays only a limited number of tasks or task categories in the left navigation frame. Which tasks or categories DCM displays varies based on the certificate store that is open and the special authorities for your user profile.

You must first access the appropriate certificate store before you can begin working with most certificate and application management tasks. To open a specific certificate store, click Select a Certificate Store in the navigation frame.

The navigation frame of DCM also provides a Secure Connection button. You can use this button to display a second browser window to initiate a secure connection by using Transport Layer Security (TLS). To use this function successfully, you must first configure the IBM HTTP Server for i to use TLS to operate in secure mode. You must then start the HTTP Server in secure mode. If you have not configured and started the HTTP Server for TLS operation, you will see an error message and your browser will not start a secure session.

Getting started

Although you may want to use certificates to accomplish a number of security-related goals, what you do first depends on how you plan to obtain your certificates. There are two primary paths that you can take when you first use DCM, depending on whether you intend to use public certificates or issue private certificates.