Requesting a server certificate on IBM i
Digital certificates protect against impersonation, certifying that a public key belongs to a specified entity. A new server certificate can be requested from a certificate authority using the Digital Certificate Manager (DCM).
About this task
Procedure
- Access the DCM interface, as described in Accessing DCM.
-
In the navigation panel, click Select a Certificate Store.
The Select a Certificate Store page is displayed in the task frame.
- Select the certificate store you want to use and click Continue.
- Optional: If you selected *SYSTEM in step 3, enter the system store password and click Continue.
- Optional: If you selected Other System Certificate Store in step 3, in the Certificate store path and filename field, type the IFS path and file name you set when you created your certificate store. Also type a password in the Certificate Store Password field. Then click Continue
- In the navigation panel, click Create Certificate.
-
In the task frame, select the Server or client certificate radio button and click Continue.
The Select a Certificate Authority (CA) page is displayed in the task frame.
-
If you have a local CA on your workstation you choose either the local CA or a commercial CA to sign the certificate. Select the radio button for the CA you want and click Continue.
The Create a Certificate page is displayed in the task frame.
- Optional:
For a queue manager, in the Certificate label field, enter the certificate label.
The label is either the value of the CERTLABL attribute, if it is set, or the default
ibmwebspheremq
with the name of the queue manager appended, all in lowercase. See Digital certificate labels for details.For example, for queue manager QM1, type ibmwebspheremqqm1 to use the default value. - Optional:
For an IBM® MQ MQI
client, in the Certificate label field, type ibmwebspheremq followed by your logon user ID folded to lowercase.
For example, type ibmwebspheremqmyuserID
- Type appropriate values in the Common Name and Organization fields, and select a country. For the remaining optional fields, type the values you require.
Results
If you selected the local CA to sign your certificate, DCM informs you that the certificate has been created in the certificate store and can be used.