IBM Support

How to import a certificate for Java keystore using Java keytool

Troubleshooting


Problem

When a Java application connects to a remote host over TLS, the following error may appear:

javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed java.security.cert.CertPathBuilderException : PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException


Resolving The Problem

This error indicates that the remote host's Certificate Authority (CA) certificate is not trusted by the JVM and needs to be imported into the JVM's trust store (the 'cacerts' keystore). This can be accomplished with the following steps:

To obtain the remote host's CA certificate, either contact the owner of that host to get it or use the GETSSL command found in QMGTOOLS.



READ FIRST!!

Files that reside in the /QIBM/ProdData/* and /QOpenSys/QIBM/ProdData/* directory structures are "owned" by IBM. These system directories are used for Licensed Program Product (LPP) data. As a result, they will be updated/overlaid when Java PTFs are applied. This means it is very risky for clients/third parties to rely on changes/customizations made to any files in the /QIBM/ProdData/* or /QOpenSys/QIBM/ProdData/* directories because a PTF may overlay any changes/customizations.

The Java LPP on the IBM i provides default files for the security configuration. The default security configuration files include the 'java.security', 'java.policy' and 'cacerts' files which are located in the '/QIBM/ProdData/Java400/jdkxx/lib/security/' and '/QOpenSys/QIBM/ProdData/JavaVM/jdkxx/xxbit/jre/lib/security/' directories. It is recommended that you copy these files to another directory outside of the LPP system directories when making customizations. The following properties may be used so the JVM can find and use these customized configuration files. Using these custom properties will insulate your Java applications from changes made to the global Java system LPP security configuration files when applying PTFs.

https://www.ibm.com/support/pages/node/634649

This example is for JDK80 64-bit; replace the JDK path in every command with the path for your own JDK version:

/QOpenSys/QIBM/ProdData/JavaVM/jdkxx/xxbit/jre/lib/security/cacerts

For example: /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts

Step 1. FTP the CA certificate file to the IBM i system

Step 2. Import the certificate using the Java 'keytool' command

keytool -import -file /home/rootca.cer -alias CertAuth -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts -storepass changeit -noprompt
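The same import done the way the READ FIRST note recommends, as an added example that is not part of the IBM page: the shipped cacerts file is copied out of the LPP directory once, the CA certificate is imported into that private copy, and the import is verified with keytool -list. The function names, the /home/myapp/security/cacerts location and the values in the usage line are assumptions; keytool is assumed to be on the PATH of the PASE shell, and javax.net.ssl.trustStore is the standard JSSE system property for pointing a JVM at a custom trust store (the page links to the IBM document that lists the properties but does not name them).

```shell
#!/bin/sh
# Added example, not from the IBM page: import a CA certificate into a private
# copy of the JDK 'cacerts' trust store instead of the IBM-owned copy under
# /QOpenSys/QIBM/ProdData, which a Java PTF can overlay.
# Assumed: JDK80 64-bit paths as on the page, keytool on the PATH of the PASE
# shell, and the JDK default store password 'changeit'.

LPP_CACERTS="/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts"

# Returns 0 when a path is outside the LPP directories, 1 when it is inside them.
is_custom_path() {
    case "$1" in
        /QIBM/ProdData/*|/QOpenSys/QIBM/ProdData/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Creates the custom trust store once by copying the shipped cacerts file.
# An existing copy is kept so that earlier imports survive.
prepare_truststore() {
    src="$1"; dst="$2"
    is_custom_path "$dst" || { echo "refusing to modify LPP path: $dst" >&2; return 1; }
    if [ ! -f "$dst" ]; then
        mkdir -p "$(dirname "$dst")" || return 1
        cp "$src" "$dst" || return 1
    fi
    return 0
}

# Imports one CA certificate (PEM or DER) into the custom trust store and
# verifies that the alias is listed afterwards.
import_ca_cert() {
    certfile="$1"; cert_alias="$2"; truststore="$3"; storepass="${4:-changeit}"
    [ -f "$certfile" ] || { echo "certificate file not found: $certfile" >&2; return 1; }
    is_custom_path "$truststore" || { echo "refusing to modify LPP path: $truststore" >&2; return 1; }
    keytool -import -trustcacerts -noprompt \
        -file "$certfile" -alias "$cert_alias" \
        -keystore "$truststore" -storepass "$storepass" || return 1
    # 'keytool -list -alias' exits non-zero when the alias is absent.
    keytool -list -keystore "$truststore" -storepass "$storepass" -alias "$cert_alias" >/dev/null
}

# Usage (assumed paths): sh import_ca.sh /home/rootca.cer CertAuth /home/myapp/security/cacerts
# Afterwards start the Java application with
#   -Djavax.net.ssl.trustStore=/home/myapp/security/cacerts
# so that it reads the custom store rather than the LPP one.
if [ "$#" -eq 3 ]; then
    prepare_truststore "$LPP_CACERTS" "$3" && import_ca_cert "$1" "$2" "$3"
fi
```

The is_custom_path guard is the point of the script: it refuses any target under /QIBM/ProdData or /QOpenSys/QIBM/ProdData, so an automated run cannot silently write into the copy that the next Java PTF overlays. The final keytool -list turns a successful import into something a job log can check rather than relying on the "Certificate was added to keystore" message.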




Document Information

More support for:
IBM i

Component:
Java Development Kit, Java Development Kit->Java Secure Socket Extension

Software version:
All Versions

Operating system(s):
IBM i

Document number:
646275

Modified date:
02 May 2025

UID

nas8N1020724
