IBM Support

How to Create the Local Certificate Authority (CA) Store in Digital Certificate Manager for i (DCM)

Troubleshooting


Problem

This document describes the process to create the Local Certificate Authority (CA) store in Digital Certificate Manager for i (DCM).

Resolving The Problem

This is a short document to describe the steps required to create the Local Certificate Authority (CA) store in Digital Certificate Manager for i (DCM). If you are having trouble getting to the DCM page, enter one of the following URLs, substituting your IBM i system name or IP address:

http://<IBM i name or IP address>:2006/dcm/mainframe/home

or

https://<IBM i name or IP address>:2007/dcm/mainframe/home
    • Step 1



      Click Create Certificate Store, followed by Local CA.

    • Step 2



      On the next screen, provide a password for the Local Certificate Authority store and click Create. This Local CA store is used to create Certificate Authorities that digitally sign local SSL certificates.

    • Step 3



      On the next screen, create the Local CA certificate by clicking Create.

      Note: Fill out all the required fields in the form (identified with a red X). You may also want to change the Key Size and the Validity Period of Certificate Authority (CA):

      Key Size: This determines the length of the encryption key (choose between RSA 1024, 2048, and 4096, or ECDSA 256, 384, and 521). The default is 1024, but this might not be considered a large enough key size for some security compliance requirements. In this case, you might want to use 2048 or 4096.

      Validity period of Certificate Authority (CA): This is the number of days that the CA certificate will be valid. Once this limit is reached, the certificate expires and will need to be renewed (7300 days is the maximum value for this parameter).

    • Step 4



      You may want to set the Policy Data for the Local CA. This policy determines how long server or client SSL certificates that are signed by the Local CA certificate will last.

      This defaults to 365 days, and the maximum you can set is 2000. This determines how long the server/client certificates created by the CA will be valid. Once finished making selections, click Change. You have now successfully created the Local CA store and Local CA certificate.
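
To confirm the Key Size and validity choices from Step 3 after the fact, the following added example (not part of the IBM document) audits a Local CA certificate with the `openssl` command line. It assumes the CA certificate has been exported to a PEM file on a workstation; the thresholds `MIN_RSA_BITS` and `RENEW_WARN_DAYS`, the function names, and the sample-certificate helper are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit a Local CA certificate exported from DCM as PEM.
# MIN_RSA_BITS and RENEW_WARN_DAYS are example thresholds (assumptions), not DCM settings.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}
RENEW_WARN_DAYS=${RENEW_WARN_DAYS:-365}

# Print "<public key algorithm> <bits>", e.g. "rsaEncryption 1024" or "id-ecPublicKey 256".
ca_key_info() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    algo=$(printf '%s\n' "$text" | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$algo" ] && [ -n "$bits" ] || return 2
    printf '%s %s\n' "$algo" "$bits"
}

# Return 0 if the CA passes, 1 if a finding is printed, 2 if the file cannot be parsed.
audit_local_ca() {
    info=$(ca_key_info "$1") || return 2
    algo=${info% *}; bits=${info#* }
    rc=0
    # The RSA threshold is not applied to ECDSA keys (256/384/521 bits).
    if [ "$algo" = "rsaEncryption" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: RSA $bits-bit CA key is below $MIN_RSA_BITS bits"; rc=1
    fi
    # -checkend exits non-zero if the certificate expires within the given seconds.
    if ! openssl x509 -in "$1" -noout -checkend $((RENEW_WARN_DAYS * 86400)) >/dev/null; then
        echo "WARN: CA certificate expires within $RENEW_WARN_DAYS days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $algo $bits bit, not expiring within $RENEW_WARN_DAYS days"
    return "$rc"
}

# Constructed test input: a throwaway self-signed certificate (not a DCM export).
make_sample_ca() {   # usage: make_sample_ca <rsa-bits> <days> <out.pem>
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$3.key" -days "$2" \
        -subj "/CN=Constructed Sample CA" -out "$3" 2>/dev/null
}

# Stand-alone use: sh audit_ca.sh exported_ca.pem
if [ "$#" -gt 0 ]; then audit_local_ca "$1"; fi
```

A CA created with the default 1024-bit RSA key is reported as a failure under the example threshold of 2048 bits.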

    Historical Number

    677938735

    Document Information

    Modified date:
    08 September 2022

    UID

    ibm16614757