You can use Digital Certificate Manager (DCM) to import certificates that are in files on
your workstation or stored in IFS on your IBM® i. You can
also import a certificate from another server instead of recreating the certificate on the current
server.
For example, on System A you used the local CA to create a certificate for
your retail web application to use to initiate TLS connections. Your business has grown recently and
you have installed a new
IBM i model (System B) to host
more instances of this very busy retail application. You want all instances of the retail
application to use an identical certificate to identify them and initiate TLS connections.
Consequently, you might decide to import both the local CA certificate and the server certificate
from System A to System B rather than to use the local CA on System A to create a new, different
certificate for System B to use.
Follow these steps to use DCM to import a certificate:
- If the certificate to import currently resides on your workstation, you
need to upload the file into IFS.
- From the left-hand navigation, select Upload Certificate.
- Click the button to browse and choose a file from your workstation file system for upload.
- Click Upload to copy the chosen certificate file to the
Upload directory.
- In the left-hand navigation pane, click Open Certificate
Store and select the certificate store that you want to import the certificate into.
The certificate store that you import the certificate into must contain certificates
that are the same type as the certificate that you exported on the other system. For example, if you
are importing a server certificate (type) then import it into a certificate store that contains
server certificates such as *SYSTEM or an Other System Certificate Store.
- In the Certificates frame, select Import.
- Select the type of certificate that you want to import. The type of certificate that you
are importing needs to be the same type of certificate that you exported. For example, if you
exported a server certificate select to import a server certificate.
Note: When DCM exports a certificate in pkcs12 format, the issuing CA is included in the exported
certificate chain and is therefore imported automatically when the certificate itself is imported
into the certificate store by DCM. However, if the certificate is not exported in pkcs12 format and
you do not have the CA certificate in the certificate store to which you are importing, you need to
import the issuing CA certificate before you can import the certificate.
- Specify the
Path
field to import the certificate.
- If the certificate resides in the Upload directory, select
Browse Uploads, select the certificate file, and click
Select to populate the path field.
- If the certificate file exists in a different IFS directory, either type the path and file
name, or select Browse to find and select the certificate file, and click
Select to populate the path field.
- Click Continue and complete the form.
- Select Import to have the certificate imported into the
certificate store.
The following figure demonstrates selecting a file from workstation for upload:
The figure demonstrates selecting a file from workstation for upload:
The following figure demonstrates selecting file and import:
The figure demonstrates selecting a file from uploads directory and selecting import: