Completing planning work sheets

The following planning work sheets demonstrate the information that you need to gather and the decisions you need to make to prepare the digital certificate implementation that this scenario describes. To ensure a successful implementation, you need to be able to answer Yes to all prerequisite items and you need to have gathered all the information requested before you perform any configuration tasks.

Table 1. Certificate implementation prerequisite planning work sheet
| Prerequisite work sheet | Answers |
| --- | --- |
| Is your system running a supported version of IBM® i? | Yes |
| Do you have Digital Certificate Manager installed on your system? | Yes |
| Is IBM HTTP Server for i installed on your system and is the Administrative server instance started? | Yes |
| Is TCP configured for your system so that you can use a Web browser and the HTTP Server Administrative server instance to access DCM? | Yes |
| Do you have *SECADM and *ALLOBJ special authorities? | Yes |

You need to gather the following information about your digital certificate implementation to perform the necessary configuration tasks to complete the implementation:

Table 2. Certificate implementation configuration planning work sheet
| Planning work sheet for System A | Answers |
| --- | --- |
| Will you operate your own local CA or obtain certificates for your application from a public CA? | Create local CA to issue certificates |
| Does System A host the applications that you want to enable for TLS? | Yes |
| What distinguished name information will you use for the local CA? | |
| • Key size: determines strength of cryptographic keys for certificate. | Key size: 2048 |
| • Key algorithm: select key algorithm (RSA or ECDSA) to use for generating the certificate's public and private keys. | Key algorithm: RSA |
| • Certificate Authority (CA) name: identifies the CA and becomes the common name for the CA certificate and the Issuer DN for certificates that the CA issues. | Certificate Authority (CA) name: Myco_CA@myco.com |
| • Organization unit: identifies the organizational section or area for the application that will use this certificate. | Organization unit: Rate dept |
| • Organization name: identifies your company or divisional section for the application that will use this certificate. | Organization name: myco |
| • Locality or city: identifies your city or a locality designation for your organization. | Locality or city: Any_city |
| • State or province: identifies the state or province in which you will use this certificate. | State or province: Any |
| • Country or region: identifies, with a two-letter designation, the country or region in which you will use this certificate. | Country or region: ZZ |
| • Validity period of Certificate Authority: specifies the number of days for which the Certificate Authority certificate is valid. | Validity period of Certificate Authority: 1095 |
| Do you want to set the policy data for the local CA to allow it to issue user certificates for client authentication? | Yes |
| What distinguished name information will you use for the server certificate that the local CA issues? | |
| • Key size: determines strength of cryptographic keys for certificate. | Key size: 2048 |
| • Key algorithm: select key algorithm (RSA or ECDSA) to use for generating the certificate's public and private keys. | Key algorithm: RSA |
| • Certificate label: identifies the certificate with a unique string of characters. | Certificate label: Myco_public_cert |
| • Common name: identifies the owner of the certificate, such as a person, entity, or application; part of the Subject DN for the certificate. | Common name: myco_rate_server@myco.com |
| • Organization unit: identifies the organizational section or area for the application that will use this certificate. | Organization unit: Rate dept |
| • Organization name: identifies your company or divisional section for the application that will use this certificate. | Organization name: myco |
| • Locality or city: identifies your city or a locality designation for your organization. | Locality or city: Any_city |
| • State or province: identifies the state or province in which you will use this certificate. | State or province: Any |
| • Country or region: identifies, with a two-letter designation, the country or region in which you will use this certificate. | Country or region: ZZ |
| What is the DCM application ID for the application that you want to configure to use TLS? | mcyo_agent_rate_app |
| Will you configure the TLS-enabled application to use certificates for client authentication? If yes, which CAs do you want to add to the application's CA trust list? | Yes. Myco_CA@myco.com |