IBM Support

How to Import a Certificate Authority Certificate into Digital Certificate Manager

Troubleshooting


Problem

This document explains how to import a Certificate Authority (CA) certificate into Digital Certificate Manager (DCM).

Resolving The Problem

This document explains how to import a Certificate Authority (CA) certificate into Digital Certificate Manager (DCM). If the import fails with a message that the file is not found, the full IFS name: /directorypath/filename.extension was entered incorrectly. If the import fails with a message that the issuer is not in the store, CA certificates in the certification path are missing. The root CA needs to be imported first, then any intermediate CAs, according to their order in the certification path.

1. Access the Digital Certificate Manager page by going to the following URL (where <system name or IP address> is the host name or IP address of your IBM i):
  • http://<system name or IP address>:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

2. Click the Select Certificate Store button. Choose *SYSTEM and sign in. Note: This document assumes that the *SYSTEM store has already been created and that the user knows the password for that store.

Picture showing the selection of the certificate store in DCM.

3. Select the Manage Certificates link on the left, and click on Import Certificate. Depending on what kind of certificate you are importing, make your next selection based on this. It will most likely be a CA certificate; therefore, you should select the option for CA certificate (Certificate Authority). Click Continue.

Picture showing certificate import, selection of certificate type.

4. On the next screen, you will have to put in a path and file name. This is the location and name of the file on the IFS of the IBM i. For example, if you stored the file in the '/home' directory and the file was called 'cert.txt' you would put in a path and file name of '/home/cert.txt'. Click Continue.

Picture showing DCM screen where the import file name is specified.

5. The next screen will ask you to create a CA certificate Label. This can be any name you want as long as it is unique (should not match any labels for any other certificates). I would recommend giving it a label name that matches what the certificate provider called it for ease of recognition. Click Continue.

Picture showing DCM screen where the certificate label is assigned.

6. You should receive a message saying the certificate has been imported. Click OK and you are done with the import process. Repeat as necessary for any other certificates required.

Picture showing confirmation message that the certificate was imported.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":["SGYQGH"],"label":["IBM i"]},"Component":"Communications-TCP","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.4;7.3;7.2;7.1","Edition":""}]

Historical Number

548824369

Document Information

Modified date:
12 December 2019

UID

nas8N1012543