IBM Support

Exporting & importing the server certificate from one IBM i to another



This document provides information about how to export a Server certificate from an IBM i source system and then import to a target IBM i System.

Resolving The Problem

As secure communications occur within a client/server environment, this document will use the following terminology:
System A = The source system that contains an existing TLS certificate
System B = The target system you wish to move the TLS certificate to.
This document assumes the Server system already has TLS certificates configured.

System A
On the source system, do the following:

Step 1: Access the Digital Certificate Manager (DCM):
a. Access the DCM page with the following URL (replace 'systemA' with the host name or IP address of the Server system.):
b. Click Open Certificate Store.
c. Select the *SYSTEM store, and type the store password.

Step 2: Export the server certificate:
a. Click the + sign next to the certificate you wish to export and move.
b. Click Export and under Location click Downloads.
c. Type the file name. For this example, we will use 'cert.pfx'. Enter a password for the file and confirm the password, then click Export.
d. On the right menu bar click Download Certificate. Click the Download button for the certificate that was exported and choose a location on your desktop to place the certificate, then click Save. Confirm that the file has been downloaded to your PC (The browser may block the download and need to be approved via the download indicator to the right of the address bar)  .

System B
On the target system, do the following:

Step 3: Access the Digital Certificate Manager (DCM):
1. Access the DCM page with the following URL (replace 'systemB' with the host name or IP address of the Client system.):
2. Click Open Certificate Store..
3. Select the *SYSTEM store, and type the store password.

Step 4: Import the Server certificate:
1. On the left menu click Upload Certificate. Click Choose File and select the certificate file from your desktop and click Open, then click Upload.
2. Click *SYSTEM from the left menu to switch focus back to the *SYSTEM store.
3. Click Import and choose Server or Client.
4. Click Browse Uploads and select the file that uploaded in the previous steps, then click Select. We can then click Continue. Enter the file password and the label (if prompted) and click Import.

Step 5: Use the new Server certificate on the target system:
1. Click the + next to the new certificate, and click Assign.
2. Select the applications that will use the new certificate, and click Replace.
3. End and restart the applications to pick up the new certificate assignment.

Operating System

IBM i:All operating systems listed

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CISAA2","label":"Digital Certificate Manager"},{"code":"a8m3p0000000rYKAAY","label":"Digital Certificate Manager-\u003ENew DCM"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]

Historical Number


Product Synonym

Digital Certificate Manager;DCM

Document Information

Modified date:
05 January 2024