News
Abstract
Digital Certificate Manager (DCM) has multiple enhancements to improve the user experience and provide additional functions to the base security components.
Content
You are in: IBM i Technology Updates > IBM i Security > Digital Certificate Manager (DCM) enhancements
Digital Certificate Manager (DCM) has multiple enhancements to improve the user experience and provide additional functions to the base security components.
- View certificate hierarchy to manage a certificate chain
The ability to view a certificate hierarchy from the chosen certificate to the root certificate is available by selecting View Certificate Hierarchy button from a certificate’s action menu which displays the details of each certificate in the certificate chain.
- Selectively export a certificate with or without including associated private key
Exporting a certificate with a private key creates a password protected PKCS#12 file containing the end-entity and issuer certificates along with the private key. If the private key is not required for this export action, unchecking the Include Private Key check box will export the certificate as a single Base64 certificate file.
- Improve add and remove certificate assignments with filter and actions
Assigning a certificate to application definitions has been improved by adding an Assigned filter which shows the applications where the certificate is currently assigned. There is also a Select All Assigned button which adds a checkmark to all applications that have the certificate assigned. Selecting Remove will then remove the certificate from all applications that currently have that certificate assignment.
- Enable TLS to secure host server ports
DCM has the ability to connect to secure host server ports when configured using the IBM Navigator for i interface. From Serviceability -> Connection Properties, select TLS Connection and then the Digital Certificate Manager tab. By enabling the TLS Enabled toggle, DCM will attempt a TLS connection to secure host server ports the next time ADMIN3 server instance is started.
When using DCM with TLS enabled, the about page will show a read-only toggle stating secure host server connections are enabled.
- Support for Multi-Factor Authentication
On systems enabled for MFA, an additional factor field is presented where the user can enter their time-based one-time password or other additional factor needed for authentication to the system.
- Add a show/hide eye-icon for login password field
To ensure the entered value is the correct password, a user can click the eye-icon to display or hide their password on the login screen.
Apply the latest IBM HTTP Server for i Group PTF to enable these features.
| IBM i Version | HTTP Server Group Number | Minimum Level |
|---|---|---|
| IBM i 7.6 | SF99962 | 1 |
| IBM i 7.5 | SF99952 | 20 |
| IBM i 7.4 | SF99662 | 41 |
| IBM i 7.3 | SF99722 | 59 |
For more information on DCM, see the Digital Certificate Manager topic in IBM Documentation
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CISAA2","label":"Digital Certificate Manager"},{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0;7.5.0;7.6.0"}]
Was this topic helpful?
Document Information
Modified date:
08 April 2025
UID
ibm17229964