Troubleshooting
Problem
Environment
Resolving The Problem
Choose ONE of the following options (either use the default JKS keystore that ADMIN3 ships with, or use certificates within the Digital Certificate Manager *SYSTEM store):
- Enable HTTPS using the default Java keystore
NOTE: This option will create a new self-signed certificate to be placed in the Java keystore.
1. Open a web browser and go to the following URL (login with your IBM i user profile):http://hostname:2001/HTTPAdmin
2. Click Manage -> Application Servers-> select 'Admin3' on Servers list
3. Click 'Configure TLS'
4. Click Next on Step 1:
5. Configure port/protocol and whether to enable http also on Step 2 (NOTE: It is recommended to select at a minimum TLSv1.2 for the protocol and leave the TLS port as the default port it recommends):
6. Configure 'dcm_key.jks' as the keystore on Step 3:
7. This will prompt to create the new keystore and set the password. Fill out the password fields and click Next:8. Select 'Default Ciphers' and click 'Next' on Step 8:
9. Select the restart server style you like on Step 9:
10. You will be presented a summary screen of your choices. Click Finish. The server will need to be restarted and user should connect via the following URL:https://hostname:2007/dcm
- Enable HTTPS using the Digital Certificate Manager *SYSTEM keystore
- Issue a new self-signed certificate
1. Open a web browser and go to the following URL (login with your IBM i user profile):
http://hostname:2001/HTTPAdmin
2. Click Manage -> Application Servers-> select 'Admin3' on the Servers list.
3. Click 'Configure TLS'
4. Click Next on Step 1:
5. Configure port/protocol and whether to enable http also on Step 2 (NOTE: It is recommended to select at a minimum TLSv1.2 for the protocol and leave the TLS port as the default port it recommends):
6. Select 'Use Digital Certificate Manager (DCM) SYSTEM store' on Step 3 -> click 'Next':
7. Specify the password of the *SYSTEM store:
8. Select 'Issue a new self-signed certificate' and click 'Next'
9. Select ' Default ciphers' and click 'Next'
10. Select your restart option and click Next:
11. You will be presented a summary screen of your choices. Click Finish. The server will need to be restarted and user should connect via the following URL:https://hostname:2007/dcm - Select an existing certificate from the *SYSTEM keystore
1. Open a web browser and go to the following URL (login with your IBM i user profile):
http://hostname:2001/HTTPAdmin
2. Click Manage -> Application Servers-> select 'Admin3' on the Servers list
3. Click 'Configure TLS'
4. Click Next on Step 1:
5. Configure port/protocol and whether to enable http also on Step 2 (NOTE: It is recommended to select at a minimum TLSv1.2 for the protocol and leave the TLS port as the default port it recommends):
6. Select 'Use Digital Certificate Manager (DCM) SYSTEM store' on Step 3 -> click 'Next':
7. Specify the password of the *SYSTEM store:
8. Select 'Select existing certificate from the keystore', then choose an existing certificate from the drop down (avoid certificates with an * at the end, these are expired) on Step 6 -> click 'Next'
9. Select 'No trust certificate to import' on Step 7 -> click 'Next'
10. Select 'Default ciphers' on Step 8 and click Next:11. Select your restart option and click Next:
12. You will be presented a summary screen of your choices. Click Finish. The server will need to be restarted and user should connect via the following URL:https://hostname:2007/dcm
NOTE: To prevent an TLS warning regarding the certificate not being trusted in the browser a certificate from a well-known Certificate Authority can be used - Issue a new self-signed certificate
Related Information
Was this topic helpful?
Document Information
Modified date:
25 August 2023
UID
ibm16615667