Creating a certificate authority and certificate for testing on IBM i
Use this procedure to create a local CA certificate to sign certificate requests, and to create and install the CA certificate.
Before you begin
About this task
Procedure
- Access the DCM interface, as described in Accessing DCM.
-
In the navigation panel, click Create a Certificate Authority.
The Create a Certificate Authority page is displayed in the task frame.
- Type a password in the Certificate store password field and type it again in the Confirm password field.
- Type a name in the Certificate Authority (CA) name field, for example TLS Test Certificate Authority.
- Type appropriate values in the Common Name and Organization fields, and select a country. For the remaining optional fields, type the values you require.
-
Type a validity period for the local CA in the Validity period field.
The default value is 1095 days.
-
Click Continue.
The CA is created, and DCM creates a certificate store and a CA certificate for your local CA.
-
Click Install certificate.
The download manager dialog box is displayed.
- Type the full path name for the temporary file in which you want to store the CA certificate and click Save.
-
When download is complete, click Open.
The Certificate window is displayed.
-
Click Install certificate.
The Certificate Import wizard is displayed.
- Click Next.
- Select Automatically select the certificate store based on the type of certificate and click Next.
-
Click Finish.
A confirmation window is displayed.
- Click OK.
- In the Certificate window, click OK.
-
Click Continue.
The Certificate Authority Policy page is displayed in the task frame.
- In the Allow creation of user certificates field, select Yes.
-
In the Validity period field, type the validity period of certificates that are issued by your local CA.
The default value is 365 days.
-
Click Continue.
The Create a Certificate in New Certificate Store page is displayed in the task frame.
- Check that none of the applications are selected.
- Click Continue to complete the setup of the local CA.
What to do next
If you need to renew an existing certificate, see Renewing an existing certificate in the IBM i documentation.