Importing a certificate

You can use Digital Certificate Manager (DCM) to import certificates that are in files on your workstation or stored in IFS on your IBM® i. You can also import a certificate from another server instead of recreating the certificate on the current server.

For example, on System A you used the local CA to create a certificate for your retail web application to use to initiate TLS connections. Your business has grown recently and you have installed a new IBM i model (System B) to host more instances of this very busy retail application. You want all instances of the retail application to use an identical certificate to identify them and initiate TLS connections. Consequently, you might decide to import both the local CA certificate and the server certificate from System A to System B rather than to use the local CA on System A to create a new, different certificate for System B to use.

Follow these steps to use DCM to import a certificate:

  1. Start of changeIf the certificate to import currently resides on your workstation, you need to upload the file into IFS.
    1. From the left-hand navigation, select Upload Certificate.
    2. Click the button to browse and choose a file from your workstation file system for upload.
    3. Click Upload to copy the chosen certificate file to the Upload directory.
    End of change
  2. Start of changeIn the left-hand navigation pane, click Open Certificate Store and select the certificate store that you want to import the certificate into.
    The certificate store that you import the certificate into must contain certificates that are the same type as the certificate that you exported on the other system. For example, if you are importing a server certificate (type) then import it into a certificate store that contains server certificates such as *SYSTEM or an Other System Certificate Store.
    End of change
  3. Start of changeIn the Certificates frame, select Import. End of change
  4. Select the type of certificate that you want to import. The type of certificate that you are importing needs to be the same type of certificate that you exported. For example, if you exported a server certificate select to import a server certificate.
    Note: When DCM exports a certificate in pkcs12 format, the issuing CA is included in the exported certificate chain and is therefore imported automatically when the certificate itself is imported into the certificate store by DCM. However, if the certificate is not exported in pkcs12 format and you do not have the CA certificate in the certificate store to which you are importing, you need to import the issuing CA certificate before you can import the certificate.
  5. Specify the Path field to import the certificate.
    • If the certificate resides in the Upload directory, select Browse Uploads, select the certificate file, and click Select to populate the path field.
    • If the certificate file exists in a different IFS directory, either type the path and file name, or select Browse to find and select the certificate file, and click Select to populate the path field.
  6. Click Continue and complete the form.
  7. Select Import to have the certificate imported into the certificate store.