Troubleshooting
Problem
This document describes how to configure Digital Certificate Manager for i with a minimal configuration: a *SYSTEM store, a local certificate authority, and a server certificate.
Symptom
Basic Digital Certificate Manager configuration is needed.
Cause
Customer requires a basic Digital Certificate Manager environment to secure application connections.
Resolving The Problem
This document provides steps for configuring Digital Certificate Manager (DCM) for IBM i. It is written for system administrators who have little or no experience with DCM and need a minimal configuration to get started with securing application connections.
Step 1: To start the HTTP ADMIN instance (if it is not already active), do the following:
Step 2: To sign in to Digital Certificate Manager, do the following:
Step 3: To create a *SYSTEM store, do the following:
Step 4: To create a local certificate authority, do the following:
Step 1: To start the HTTP ADMIN instance (if it is not already active), do the following:
| 1. | To determine whether the ADMIN instance is active, run the following command: WRKACTJOB SBS(QHTTPSVR) JOB(ADMIN) |
| 2. | If there are no active ADMIN jobs, run the following command: STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN) |
| 3. | Run the WRKACTJOB SBS(QHTTPSVR) JOB(ADMIN) command again, and press F5 (Refresh) until at least three ADMIN jobs are in *SIGW status, and at least one ADMIN3 job is active. |
Step 2: To sign in to Digital Certificate Manager, do the following:
| 1. | Using a browser, access the following website: http://<IPaddress or hostname of the IBM i system>:2006/dcm or https://<IPaddress or hostname of the IBM i system>:2007/dcm. Replace <IPaddress or hostname of the IBM i system> with the IP address or hostname of the System i system. |
| 2. | You are presented with a sign-on screen for IBM Digital Certificate Manager for i. |
| 3. | Enter the profile and password. Use a profile with system administrator level special authorities. |
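Added example (not part of the IBM document): a check run from the administrator's workstation before opening the browser in Step 2. It tests whether the ADMIN instance answers on the ports from the URLs above and returns the HTTPS URL when that listener is up. The function names, the `allow_http` switch and the host `ibmi.example.com` are assumptions made for this example.

```python
import socket

# Ports and path come from the Step 2 URLs; everything else is an assumption.
DCM_HTTP_PORT = 2006
DCM_HTTPS_PORT = 2007
DCM_PATH = "/dcm"


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or host name did not resolve
        return False


def pick_dcm_url(host, https_port=DCM_HTTPS_PORT, http_port=DCM_HTTP_PORT,
                 allow_http=False, timeout=3.0):
    """Choose the DCM URL to open, preferring the HTTPS listener.

    Returns (url, note). url is None when no acceptable listener answers,
    which usually means the ADMIN instance from Step 1 is not up yet.
    """
    if port_open(host, https_port, timeout):
        return f"https://{host}:{https_port}{DCM_PATH}", "HTTPS listener is up"
    if port_open(host, http_port, timeout):
        if allow_http:
            return (f"http://{host}:{http_port}{DCM_PATH}",
                    "HTTP only: the profile and password are sent unencrypted")
        return None, "only the HTTP listener answered and allow_http is False"
    return None, "no listener answered; recheck the ADMIN jobs from Step 1"


if __name__ == "__main__":
    # "ibmi.example.com" is a placeholder host name, not one from the page.
    url, note = pick_dcm_url("ibmi.example.com", timeout=2.0)
    print(url, "-", note)
```

A `None` result right after STRTCPSVR is normal while the ADMIN jobs are still starting; rerun the check once the jobs reach the state described in Step 1.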
Step 3: To create a *SYSTEM store, do the following:
| 1. | On the left panel, click Open Certificate Store. If there is an option for *SYSTEM, you already have a *SYSTEM store. |
| 2. | If there is no option for *SYSTEM, on the left panel, click Create Certificate Store. |
| 3. | On the right panel, under Select a Store, click the *SYSTEM tile. |
| 4. | Enter a password for the *SYSTEM store (letters and numbers only, with no punctuation or spaces). |
| 5. | Enter the same password in the Confirm Password field. |
| 6. | Click Create. |
Step 4: To create a local certificate authority, do the following:
| 1. | On the left panel, click Open Certificate Store. If there is an option tile for Local CA, you already have a Local CA. |
| 2. | If there is no option for Local CA, follow this Technical Document: How to create the local certificate authority (CA) Store in Digital Certificate Manager for i (DCM) |
| 3. | If you already have a Local CA, but would like to renew it, follow this Technical Document: How to renew a local certificate authority (CA) in Digital Certificate Manager for i (DCM) |
Step 5: To create a local server certificate and assign it to application IDs, follow this Technical Document:
How do I create a TLS server certificate issued by a local certificate authority?
Product: IBM i
Platform: IBM i
Version: 7.3.0; 7.4.0; 7.5.0
Historical Number
416096345
Document Information
Modified date:
29 December 2022
UID
ibm16851971