Assigning a certificate used by service tools (including LAN console)

You can assign your own certificate to be used by the service tools server.

IBM® i service tools (including LAN console) use TLS to secure passwords and other sensitive data during an information exchange. It uses an internal server certificate and the System TLS defaults for protocol version and cipher suites.

You can configure IBM i service tools to use a server certificate of your choosing. You can also override the System TLS defaults to set the protocol versions and cipher suites supported by IBM i service tools. This is done by changing the configuration for the IBM i service tools application definition using Digital Certificate Manager (DCM).

Before you change the configuration for IBM i service tools, you must install the prerequisite programs and set up digital certificates on your system.

The digital certificate used by IBM i service tools can be created by either a local certificate authority (CA) or a public CA. You can also use a certificate already being used by other applications.

To change the IBM i service tools back to use the internal IBM i certificate, follow the steps for associating a certificate and remove all certificate assignments.