IBM Support

Digital Certificate Manager (DCM) - Frequently Asked Questions and Common Tasks

Troubleshooting


Problem

This document describes all the common tasks that are typically performed within Digital Certificate Manager.

Resolving The Problem

Digital Certificate Manager is a Web-based interface to create and manage SSL certificates on the IBM i. These certificates can be used to enable TCP/IP server and client applications to use SSL communications. Below are some of the common questions regarding Digital Certificate Manager:

  • How Do I Access Digital Certificate Manager?

    Check out the YouTube video here:

    Digital Certificate Manager requires that the HTTP Admin server be running in the QHTTPSVR subsystem. The ADMIN jobs should appear as follows when viewed using WRKACTJOB:

      • V7R2



        [Screenshot: HTTP ADMIN jobs in the QHTTPSVR subsystem, V7R2]

        If these jobs are not in the subsystem, you should try starting the server with the following command:

        STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

        If the jobs do not start and look like the example above, you should refer to the following document to troubleshoot the HTTP Admin server:



        If all the HTTP Admin jobs are up and running as they should, Digital Certificate Manager can be accessed using the following URL (replace systemname with either the IBM i system name or IP address):

        http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

        • V7R3



          [Screenshot: HTTP ADMIN jobs in the QHTTPSVR subsystem, V7R3]

          If these jobs are not in the subsystem, you should try starting the server with the following command:

          STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

          If the jobs did not start and look like the example above, you should refer to the following document to troubleshoot the HTTP Admin server:



          If all the HTTP Admin jobs are up and running as they should, Digital Certificate Manager can be accessed using the following URL (replace systemname with either the IBM i system name or IP address):

          http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

  • How Do I Configure Telnet and the IBM i Host Servers for SSL?

      NOTE: Ensure that CHGTELNA has 'Allow Secure Socket Layer' set to *YES. If it is set to *NO, SSL is not permitted. Changing this value requires Telnet to be ended and restarted to take effect.

      To configure SSL for Telnet and the IBM i Host servers, you first need to access Digital Certificate Manager by using the following URL (see the How do I access Digital Certificate Manager section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you first need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:
    • I see both 'Local Certificate Authority (CA)' and '*SYSTEM' stores


      If you have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate and assign it the following application IDs in DCM:

      - Central Server
      - Database Server
      - Data Queue Server
      - Network Print Server
      - Remote Command Server
      - Signon Server
      - IBM i TCP/IP Telnet Server
      - i5/OS DDM/DRDA Server - TCP/IP
      - Host Servers
      - File Servers
      - Management Central Server

      NOTE: The above applications MUST be restarted after the SSL certificate is assigned to enable SSL for the server application.

      The following document will guide you through the certificate creation and assignment process:


    • I see only the 'Local Certificate Authority (CA)'


      A) If you see only the 'Local Certificate Authority (CA)' store, you will also need to create the *SYSTEM store where your SSL certificates are stored. To do this, you should refer to the following document:



      B) Once the *SYSTEM store is created, you should verify that the Local Certificate Authority is still valid in the 'Local Certificate Authority (CA)' store. On the left menu, click Select a Certificate Store. On the right side of the screen, select the Local Certificate Authority (CA) radio button and click CONTINUE. Provide the store password and click CONTINUE.

      C) On the left menu, click Manage Local CA and then click the View link underneath:

      Picture of Local CA Manage Local CA --> view option

      D) Under the 'Additional Information:' section, check the 'Validity Period' and make sure that the Certificate Authority is still valid and is not going to expire soon. If necessary, select the 'Renew' option under 'Manage Local CA' to renew the certificate. It will pull in the existing information on the original Certificate Authority certificate. Adjust Validity Period of the CA (up to 7300 days) and click CONTINUE. On the 'Install Renewed Local CA Certificate', click CONTINUE. Lastly, on the 'Select Applications to Trust this Certificate Authority (CA)', click on the 'Select All' button and then click CONTINUE at the bottom of the page.

      E) Now that the Local CA has been verified and you now have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate and assign it the following application IDs in DCM:

      - Central Server
      - Database Server
      - Data Queue Server
      - Network Print Server
      - Remote Command Server
      - Signon Server
      - IBM i TCP/IP Telnet Server
      - i5/OS DDM/DRDA Server - TCP/IP
      - Host Servers
      - File Servers
      - Management Central Server

      NOTE: The above applications MUST be restarted after the SSL certificate is assigned to enable SSL for the server application.

      You should refer to the following document which will guide you through the certificate creation and assignment process:

    • I see only the '*SYSTEM' store


      A) If you see only the *SYSTEM store, you will need to also create a Local Certificate Authority (CA) store using the following document:



      B) Now that you have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate and assign it the following application IDs in DCM:

      - Central Server
      - Database Server
      - Data Queue Server
      - Network Print Server
      - Remote Command Server
      - Signon Server
      - IBM i TCP/IP Telnet Server
      - i5/OS DDM/DRDA Server - TCP/IP
      - Host Servers
      - File Servers
      - Management Central Server

      NOTE: The above applications MUST be restarted after the SSL certificate is assigned to enable SSL for the server application.

      You should refer to the following document which will guide you through the certificate creation and assignment process:

    • I see neither 'Local Certificate Authority (CA)' nor '*SYSTEM' stores


      You should refer to the following document which will guide you through the configuration:


    • 3) Once you have your SSL certificate created and assigned to the Telnet and Host Server application IDs in DCM, you can then proceed with configuring the PC 5250 client to use SSL using the following document:
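After the certificate is assigned and the applications are restarted, a client-side check can confirm that each server presents a certificate that chains to your Local CA and is not close to expiry. The following is an added example, not IBM code: the port numbers are the usual IBM i service-table defaults and are an assumption, and `ca_file` is a hypothetical PEM export of your Local CA certificate.

```python
import socket
import ssl
from datetime import datetime, timezone

# Usual default SSL/TLS ports for the applications listed above. These are an
# assumption, not taken from the page; confirm them on your system with
# WRKSRVTBLE before relying on this list.
DEFAULT_TLS_PORTS = {
    "IBM i TCP/IP Telnet Server": 992,
    "Central Server": 9470,
    "Database Server": 9471,
    "Data Queue Server": 9472,
    "File Servers": 9473,
    "Network Print Server": 9474,
    "Remote Command Server": 9475,
    "Signon Server": 9476,
    "i5/OS DDM/DRDA Server - TCP/IP": 448,
}


def days_remaining(cert, now=None):
    """Whole days until notAfter for a certificate dict from getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc
    )
    return (expires - now).days


def classify(cert, warn_days=30, now=None):
    """Return OK, EXPIRING (inside the warning window) or EXPIRED."""
    left = days_remaining(cert, now)
    if left < 0:
        return "EXPIRED"
    if left < warn_days:
        return "EXPIRING"
    return "OK"


def probe(host, port, ca_file, timeout=5.0, check_hostname=True):
    """Open a TLS session that trusts ONLY the CA in ca_file.

    Returns (cert_dict, tls_version, error). A server that was not restarted
    after the certificate assignment, or that presents a certificate from a
    different CA, comes back as an error instead of a certificate.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # Set check_hostname=False only if the certificate's name does not match
    # the name or address you connect with; chain validation still applies.
    ctx.check_hostname = check_hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert(), tls.version(), None
    except ssl.SSLCertVerificationError as exc:
        return None, None, "certificate not trusted: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return None, None, "no TLS session: " + str(exc)


def audit(host, ca_file, ports=DEFAULT_TLS_PORTS, warn_days=30,
          now=None, prober=probe):
    """Probe every listed application and return {app: (status, detail)}."""
    results = {}
    for app, port in ports.items():
        cert, version, error = prober(host, port, ca_file)
        if error:
            results[app] = ("FAIL", error)
        else:
            detail = "{}, expires {}".format(version, cert["notAfter"])
            results[app] = (classify(cert, warn_days, now), detail)
    return results


if __name__ == "__main__":
    import sys

    # Usage: python check_dcm_tls.py systemname localca.pem
    target, ca_path = sys.argv[1], sys.argv[2]
    for app, (status, detail) in audit(target, ca_path).items():
        print("{:9} {}: {}".format(status, app, detail))
```

A FAIL line for an application that has a certificate assigned in DCM usually means the server job has not been restarted yet or the SSL port is not listening.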


    • How do I configure the FTP client for SSL?

      To configure the FTP client for SSL, you first need to access Digital Certificate Manager using the following URL (see the How do I access Digital Certificate Manager section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you first need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:

      • I do not see the '*SYSTEM' store


        A) You will need to create the *SYSTEM store where your SSL certificates are stored. To do this, you will use the following document:



        B) Once the *SYSTEM store is created, you can use the following instructions to import your CA certificate and allow your SSL FTP client to trust it:

        • I see the '*SYSTEM' store


          Because the *SYSTEM store exists, you can now use the following instructions to import your CA certificate and allow your SSL FTP client to trust it:


    • How do I configure the FTP server for SSL?


      Check out the YouTube video on assigning a certificate to the FTP server here:


      To configure SSL for FTP, you first need to access Digital Certificate Manager using the following URL (refer to the How do I access Digital Certificate Manager section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you first need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:

      • I see both 'Local Certificate Authority (CA)' and '*SYSTEM' stores



        If there is an SSL certificate already created to assign to FTP, the following document will guide you through the process:



        If an SSL certificate has not yet been created, the following document will guide you through the certificate creation and assignment process:

        • I see only the 'Local Certificate Authority (CA)' store



          A) If you see only the 'Local Certificate Authority (CA)' store, you will also need to create the *SYSTEM store where your SSL certificates are stored. To do this, you should refer to the following document:



          B) Once the *SYSTEM store is created, you should verify that the Local Certificate Authority is still valid in the 'Local Certificate Authority (CA)' store. On the left menu, click Select a Certificate Store. On the right side of the screen, select the 'Local Certificate Authority (CA)' radio button and click CONTINUE. Provide the store password and click CONTINUE.

          C) On the left menu, click Manage Local CA and then click the View link underneath:

          Picture of Local CA Manage Local CA --> view option


          D) Under the 'Additional Information:' section, check the 'Validity Period' and make sure that the Certificate Authority is still valid and is not going to expire soon. If necessary, select the 'Renew' option under 'Manage Local CA' to renew the certificate. It will pull in the existing information on the original Certificate Authority certificate. Adjust Validity Period of the CA (up to 7300 days) and click CONTINUE. On the 'Install Renewed Local CA Certificate', click CONTINUE. Lastly, on the 'Select Applications to Trust this Certificate Authority (CA)', click the 'Select All' button and then click CONTINUE at the bottom of the page.

          E) Now that the Local CA has been verified and you now have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate and assign it the FTP server application ID. You should refer to the following document which will guide you through the creation:

          • I see the '*SYSTEM' store



            If there is an SSL certificate already created to assign to FTP, you should refer to the following document which will guide you through the process:



            If an SSL certificate has not yet been created, you should use the following steps:

            A) If you see only the *SYSTEM store, you will need to also create a Local Certificate Authority (CA) store using the following document:


            B) Now that you have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate and assign it the FTP server application ID in DCM:

            You should refer to the following document which will guide you through the certificate creation and assignment process:


            • I see neither 'Local Certificate Authority (CA)' nor '*SYSTEM' stores


              A) To configure SSL for the FTP Server, you first need to create the *SYSTEM store where your SSL certificates are kept. To do this, you will use the following document:



              B) Once the *SYSTEM store is created, you then need to create your Local Certificate Authority (CA) store. The following document describes the steps for configuring this:


              C) Now that you have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate and assign it the FTP Server application ID in DCM. The following document will guide you through the certificate creation and assignment process:

    • How do I configure an HTTP server for SSL?

      To configure an HTTP server for SSL we first need to access Digital Certificate Manager via the following URL (see 'How do I access Digital Certificate Manager' section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:

      • I see both 'Local Certificate Authority (CA)' and '*SYSTEM' stores


        If you see both the 'Local Certificate Authority (CA)' and '*SYSTEM' stores and an SSL certificate exists to assign to HTTP, we can skip to step 3 below. If a certificate needs to be created, you can use one of the following documents to create it and then proceed to step 3:


      • I see only the 'Local Certificate Authority (CA)' store


        A) If you see only the 'Local Certificate Authority (CA)' store, you will also need to create the *SYSTEM store where your SSL certificates are stored. To do this we will use the following document:



        B) Once the *SYSTEM store is created, you can now either create a certificate signed by your Local Certificate authority, or you can choose to use one signed by a third-party CA.

        If you would like to use a certificate signed by a third-party CA, you can use the following document to guide you through the process:


        If you would like to use a certificate signed by the Local Certificate Authority, you should now perform the following steps:

        b1) Verify that the Local Certificate Authority is still valid in the 'Local Certificate Authority (CA)' store. On the left menu, click on 'Select a Certificate Store'. On the right side of the screen, select the 'Local Certificate Authority (CA)' radio button and click CONTINUE. Provide the store password and click CONTINUE.

        b2) On the left menu, click Manage Local CA, and then click the View link underneath:

        Picture of Local CA Manage Local CA --> view option


        b3) Under the 'Additional Information:' section, you should check the 'Validity Period' and make sure that the Certificate Authority is still valid and is not going to expire soon. If necessary, select the 'Renew' option under 'Manage Local CA' to renew the certificate. It will pull in the existing information on the original Certificate Authority certificate. Adjust Validity Period of the CA (up to 7300 days) and click CONTINUE. On the 'Install Renewed Local CA Certificate', click CONTINUE. Lastly, on the 'Select Applications to Trust this Certificate Authority (CA)', click on the 'Select All' button and then click CONTINUE at the bottom of the page.

        b4) Now that the Local CA has been verified and you now have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with creating a self-signed certificate. You should refer to the following document which will guide you through the creation:


        C) Once you have your SSL certificate created and available to assign you can proceed to step 3 below

      • I see only the '*SYSTEM' store


        If you see the *SYSTEM store and you already have an SSL certificate created proceed to step 3.

        If there are no SSL certificates, you should refer to one of the following documents (depending on the type of certificate you would like):



        Once a certificate is created and ready to assign to an HTTP server proceed to step 3

      • I see neither 'Local Certificate Authority (CA)' nor '*SYSTEM' stores


        A) To configure SSL for the HTTP Server, you first need to create the *SYSTEM store where your SSL certificates are kept. To do this, you will use the following document:



        B) Once the *SYSTEM store is created, you can now either create a certificate signed by your Local Certificate authority, or you can choose to use one signed by a third-party CA.

        - If you would like to use a certificate signed by a third-party CA, you can use the following document to guide you through the process:

        - If you'd like to use a local SSL certificate you then need to create your Local Certificate Authority (CA) store. The following document describes the steps for configuring this:

        We then can proceed with creating a self-signed certificate. The following document will guide you through the certificate creation process:

        Once the SSL certificate is created and ready to assign to the HTTP server proceed with step 3.

      • 3) Once we have an SSL certificate created and ready to assign to HTTP we can use the instructions on the following document:



    • How do I configure the HTTP ADMIN server for SSL?

      To configure the HTTP Admin server for SSL we first need to access Digital Certificate Manager via the following URL (see 'How do I access Digital Certificate Manager' section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:

      • I see both 'Local Certificate Authority (CA)' and '*SYSTEM' stores


        A) First we will need to verify that the Local Certificate Authority is still valid in the 'Local Certificate Authority (CA)' store. On the left menu, click on 'Select a Certificate Store'. On the right side of the screen, select the 'Local Certificate Authority (CA)' radio button and click CONTINUE. Provide the store password and click CONTINUE.

        B) On the left menu, click Manage Local CA, and then click the View link underneath:

        Picture of Local CA Manage Local CA --> view option


        C) Under the 'Additional Information:' section, you should check the 'Validity Period' and make sure that the Certificate Authority is still valid and is not going to expire soon. If necessary, select the 'Renew' option under 'Manage Local CA' to renew the certificate. It will pull in the existing information on the original Certificate Authority certificate. Adjust Validity Period of the CA (up to 7300 days) and click CONTINUE. On the 'Install Renewed Local CA Certificate', click CONTINUE. Lastly, on the 'Select Applications to Trust this Certificate Authority (CA)', click on the 'Select All' button and then click CONTINUE at the bottom of the page.

        D) Now that the Local CA has been verified and you have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with Step 3


      • I see only the 'Local Certificate Authority (CA)' store


        A) If you see only the 'Local Certificate Authority (CA)' store, you will also need to create the *SYSTEM store where your SSL certificates are stored. To do this we will use the following document:


        B) Once the *SYSTEM store is created we will need to verify that the Local Certificate Authority is still valid in the 'Local Certificate Authority (CA)' store. On the left menu, click on 'Select a Certificate Store'. On the right side of the screen, select the 'Local Certificate Authority (CA)' radio button and click CONTINUE. Provide the store password and click CONTINUE.

        C) On the left menu, click Manage Local CA, and then click the View link underneath:

        Picture of Local CA Manage Local CA --> view option


        D) Under the 'Additional Information:' section, you should check the 'Validity Period' and make sure that the Certificate Authority is still valid and is not going to expire soon. If necessary, select the 'Renew' option under 'Manage Local CA' to renew the certificate. It will pull in the existing information on the original Certificate Authority certificate. Adjust Validity Period of the CA (up to 7300 days) and click CONTINUE. On the 'Install Renewed Local CA Certificate', click CONTINUE. Lastly, on the 'Select Applications to Trust this Certificate Authority (CA)', click on the 'Select All' button and then click CONTINUE at the bottom of the page.

        E) Now that the Local CA has been verified and you now have both the 'Local Certificate (CA)' and '*SYSTEM' stores, you can proceed with Step 3

      • I see only the '*SYSTEM' store


        If you see the *SYSTEM store we will need to create the Local Certificate Authority (CA) store using the instructions on the following document


        Once the Local Certificate Authority (CA) store is created proceed to Step 3

      • I see neither 'Local Certificate Authority (CA)' nor '*SYSTEM' stores


        A) To configure SSL for the HTTP Admin Server, you first need to create the *SYSTEM store where your SSL certificates are kept. To do this, you will use the following document:


        B) We then need to create the Local Certificate Authority (CA) store. The following document describes the steps for configuring this:

        We then can proceed with Step 3

      • 3) The following document describes how to enable SSL for the HTTP Admin server:



    • How do I create an SSL server certificate issued by a third party (Verisign, Thawte, etc)?

      To create an SSL server certificate issued by a third party (Verisign, Thawte, etc) we first need to access Digital Certificate Manager via the following URL (see 'How do I access Digital Certificate Manager' section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:

    • How do I create an SSL server certificate issued by a local Certificate Authority?


      Check out the YouTube video here:

      The following document describes how to create an SSL certificate issued by the Local Certificate Authority:


    • How do I import a Certificate Authority certificate?

      To import a Certificate Authority Certificate we first need to access Digital Certificate Manager via the following URL (see 'How do I access Digital Certificate Manager' section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:

    • How do I import a third party PKCS#12 SSL Certificate (files with .p12 or .pfx extension)?

      To import a third party PKCS#12 SSL certificate we first need to access Digital Certificate Manager via the following URL (see 'How do I access Digital Certificate Manager' section above for more details):

      http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

      Before you can begin the configuration, you need to check to see what is currently configured in Digital Certificate Manager:

      1) On the left menu bar, click the Select a Certificate Store button:

      Picture of DCM 'Select a Certificate Store' button

      2) On the right hand side, it will show the different certificate stores that are configured. Based on what you see in this section, you should use one of the sections below:


    • How do I renew a local SSL server certificate?

      A) First we will need to verify that the Local Certificate Authority is still valid in the 'Local Certificate Authority (CA)' store. On the left menu, click on 'Select a Certificate Store'. On the right side of the screen, select the 'Local Certificate Authority (CA)' radio button and click CONTINUE. Provide the store password and click CONTINUE.

      B) On the left menu, click Manage Local CA, and then click the View link underneath:

      Picture of Local CA Manage Local CA --> view option


      C) Under the 'Additional Information:' section, you should check the 'Validity Period' and make sure that the Certificate Authority is still valid and is not going to expire soon.

      If the CA is expired or will expire soon, select the 'Renew' option under 'Manage Local CA' to renew the certificate. It will pull in the existing information on the original Certificate Authority certificate. Adjust Validity Period of the CA (up to 7300 days) and click CONTINUE. On the 'Install Renewed Local CA Certificate', click CONTINUE. Lastly, on the 'Select Applications to Trust this Certificate Authority (CA)', click on the 'Select All' button and then click CONTINUE at the bottom of the page.

      D) If a renewal of the Local CA was necessary we will need to use the following document to create a new Local Server certificate (a renewal is not possible since the CA is new):

      If the Local CA was still valid and no renewal was necessary the following document will lead you through the Local Server certificate renewal process:


    • How do I create a *SYSTEM certificate store?

      The following document describes how to create the *SYSTEM store in DCM:
      Alternately, this YouTube video demonstrates how to access DCM and create the *SYSTEM certificate store:


    • How do I backup/migrate/replicate my Digital Certificate Management (DCM) environment?

      There are three main items comprising your DCM environment. When backing up, migrating, or replicating your DCM environment, you should ensure the following items are included and restored/replicated properly to your new IBM i server.
      1. The DCM certificate store (aka key store) files containing your SSL certificates.

      • The certificate store files are all located in the following IFS location:

        /QIBM/UserData/ICSS/Cert

        This directory can be backed up/migrated/replicated with the following SAV (save) and RST (restore) CL commands.

        CRTSAVF FILE(QGPL/DCMIFS)
        SAV DEV('/QSYS.LIB/QGPL.LIB/DCMIFS.FILE') OBJ(('/QIBM/UserData/ICSS/Cert')) DTACPR(*HIGH) PVTAUT(*YES)
        RST DEV('/QSYS.LIB/QGPL.LIB/DCMIFS.FILE') OBJ(('/QIBM/UserData/ICSS/Cert')) PVTAUT(*YES)
      2. The certificate store system password stash.

      • The certificate store system password is used by IBM i OS applications (Telnet, FTP, Host Servers, HTTP, etc.) to authenticate to the DCM certificate stores (*SYSTEM and Local CA). This password stash is needed to keep the passwords in sync between the DCM certificate stores in the IFS and the system password hash managed by the OS. Failure to save and restore the certificate store system password stash along with the DCM certificate stores in the IFS, may result in the loss of your SSL certificates! Please refer to the following URL for more information on this.
        To save the certificate store system password stash, you can use either the SAVSYS or SAVSECDTA commands.

        To restore the DCM password stash, use the following restore user profile command:

        RSTUSRPRF USRPRF(*NONE) SECDTA(*DCM)

        NOTE: The above command requires your IBM i server to be in restricted state (ENDSBS *ALL).
      3. The user index containing the SSL certificate to IBM i application assignments.

      The SSL certificate to IBM i application assignments are stored in the following user index object:

      QUSRSYS/QYCDCERTI

      This can be saved with the SAVOBJ command and restored with the RSTOBJ command.
      CRTSAVF FILE(QGPL/DCMUSRIDX)
      SAVOBJ OBJ(QYCDCERTI) LIB(QUSRSYS) DEV(*SAVF) SAVF(QGPL/DCMUSRIDX) PVTAUT(*YES)
      RSTOBJ OBJ(QYCDCERTI) SAVLIB(QUSRSYS) DEV(*SAVF) SAVF(QGPL/DCMUSRIDX) PVTAUT(*YES)
      4. NOTE: For IBM i 7.2 and 7.3 ONLY, you will need to run the following command to migrate your IBM i Local CA information.

      Run the following command on the IBM i command line:

      CALL QICSS/QYCUMIGREX

      This call will migrate the local CA information to the new format that IBM i 7.2 and 7.3 utilizes (since the OS now supports more than one Local CA).
      5. (OPTIONAL) - All DCM Application IDs are stored under the exit point, QIBM_QSY_CERT_APPS, in the QUSRSYS/QUSEXRGOBJ object. WARNING!!! The QUSRSYS/QUSEXRGOBJ object contains information for ALL exit points. If this object is migrated, ALL exit point information is also migrated. Use caution when migrating/replicating this object since this will migrate/replicate ALL exit point information, which might negatively affect your IBM i server if not handled properly.

      If you wish to migrate/replicate your DCM application ID information, you will need to save and restore/replicate this object.

      This can be saved with the SAVOBJ command and restored with the RSTOBJ command.
      CRTSAVF FILE(QGPL/DCMAPPS)
      SAVOBJ OBJ(QUSEXRGOBJ) LIB(QUSRSYS) DEV(*SAVF) SAVF(QGPL/DCMAPPS) PVTAUT(*YES)
      RSTOBJ OBJ(QUSEXRGOBJ) SAVLIB(QUSRSYS) DEV(*SAVF) SAVF(QGPL/DCMAPPS) PVTAUT(*YES)
      The following document provides more information regarding the backup and recovery of your DCM environment.


Historical Number

673816594

Document Information

Modified date:
18 December 2019

UID

nas8N1010356