IBM Support

Digital Certificate Manager APIs



Digital Certificate Manager (DCM) APIs added to automate the management of certificates without using the DCM browser-based user interface. An application written using these APIs can renew a certificate residing in the system certificate store, update an application definition to use the renewed certificate, and update the trust list with the CA that issued the renewed certificate.


You are in: IBM i Technology Updates > General IBM i Operating System > Digital Certificate Manager APIs

These three APIs provide Application Definition certificate assignment capabilities.  An Application Definition, also known as Application ID, is created and maintained in DCM for use by System TLS based applications. 

These three APIs provide Certificate Authority (CA) Trust List configuration capabilities.  A CA Trust List is an optional configuration for Application Definitions.  The list allows individual applications to trust a different set of CAs from other applications.   

This API is used in a two-step process to renew an existing certificate residing in the system certificate store.

With the first call, a CSR (Certificate Signing Request) is generated based on an existing certificate.  After out of band processing of the CSR is complete, the second call imports the issued certificate into the system certificate store.

Refer to the IBM i Knowledge Center documentation for Digital Certificate Management APIs for additional information. 

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"IBM i 7.4","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
09 January 2020