Troubleshooting assigning a user certificate

Use the following steps to help you troubleshoot any problems you may encounter while trying to assign a user certificate with Digital Certificate Manager (DCM).

When you use the Assign a user certificate task, Digital Certificate Manager (DCM) displays certificate information for you to approve before registering the certificate. If DCM is unable to display a certificate, the problem might be caused by one of these situations:

  1. Your browser did not request that you select a certificate to present to the server. This may happen if the browser cached a previous certificate (from accessing a different server). Try clearing the browser's cache and try the task again. The browser will prompt you to select a certificate.
  2. This may also happen if you configure your browser so that it does not display a selection list and the browser contains only one certificate from a Certificate Authority (CA) in the list of CAs that the server trusts. Check your browser configuration settings and change them, if necessary. Your browser will then prompt you to select a certificate. If you cannot present a certificate from a CA that the server is set to trust, you cannot assign a certificate. Contact your DCM administrator.
  3. The certificate that you want to register is already registered with DCM.
  4. The Certificate Authority that issued the certificate is not designated as trusted for the system or the application in question. Therefore, the certificate you are presenting is not valid. Contact your system administrator to determine if the CA that issued your certificate is correct. If the CA is correct, the system administrator may need to import the CA certificate into the *SYSTEM certificate store. Or, the administrator may need to use the Set CA status task to enable the CA as trusted to correct the problem.
  5. You do not have a certificate to register. You can check for user certificates in your browser to see if this is the problem.
  6. The certificate that you are trying to register is expired or incomplete. You must either renew the certificate or contact the CA that issued it to resolve the problem.
  7. The IBM® HTTP Server for i is not correctly set up to do certificate registration using TLS and client authentication on the secure Administrative server instance. If none of the previous troubleshooting tips works, contact your system administrator to report the problem.
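Causes 4 and 6 can be checked on a workstation before contacting the administrator. The following is an added example, not IBM code: it assumes the OpenSSL command line (1.1.0 or later), a user certificate exported from the browser as PEM, and a PEM file of the CA certificates the server trusts; the function names and result words are hypothetical, and a file OpenSSL cannot parse is treated as "incomplete".

```shell
#!/bin/sh
# Added example, not IBM code. Function names and result words are hypothetical.

# triage_user_cert CERT_PEM TRUSTED_CA_PEM
# Prints one word: incomplete | expired | untrusted-ca | ok
triage_user_cert() {
    cert=$1
    ca_bundle=$2
    # Cause 6 (incomplete): the file does not parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "incomplete"; return 0
    fi
    # Show what an administrator will ask for (stderr, so stdout stays one word).
    openssl x509 -in "$cert" -noout -subject -issuer -enddate >&2
    # Cause 6 (expired): -checkend 0 exits non-zero once notAfter has passed.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 0
    fi
    # Cause 4: the chain must end in a CA from the given file only.
    # -no-CApath keeps the workstation's default trust directory out of it.
    if ! openssl verify -no-CApath -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1; then
        echo "untrusted-ca"; return 0
    fi
    echo "ok"
}

# make_constructed_pki DIR
# Builds throwaway, constructed test data: two unrelated CAs (caA, caB),
# a user certificate issued by caA, and a file that is not a certificate.
make_constructed_pki() {
    d=$1
    for n in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed CA $n" \
            -keyout "$d/ca$n.key" -out "$d/ca$n.pem" >/dev/null 2>&1 || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed User" \
        -keyout "$d/user.key" -out "$d/user.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/user.csr" -days 1 -CAcreateserial \
        -CA "$d/caA.pem" -CAkey "$d/caA.key" \
        -out "$d/user.pem" >/dev/null 2>&1 || return 1
    printf 'not a certificate\n' > "$d/bad.pem"
}

# Stand-alone use: sh triage.sh user.pem trusted-cas.pem
if [ "$#" -eq 2 ]; then
    triage_user_cert "$1" "$2"
fi
```

A result of "ok" rules out causes 4 and 6 only for the CA file you supplied; whether that CA is enabled as trusted in the *SYSTEM certificate store is still the administrator's call.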

To assign a user certificate, you must connect to Digital Certificate Manager (DCM) by using a TLS session. If you are not using TLS when you select the Assign a user certificate task, DCM displays a message that you must use TLS. The message contains a button so that you can connect to DCM by using TLS. If the message displays without the button, inform your system administrator of the problem. The Web server may need to be restarted to ensure that the configuration directives for using TLS are activated.