Digital Certificate Manager (DCM) lets you manage digital certificates for your network and use SSL to enable secure communications for many applications. DCM also lets you manage certificates that you obtain from any Certificate Authority (CA). If you choose to use a default trusted CA, you don’t need to create your own CA, nor export/import the CA certificate between the server and client. In this example, we use DCM to create and operate our own local CA to sign certificates.
To check user profile authority, run the command below and check the special authority section.
DSPUSRPRF USRPRF(UserProfileName)
1. Open a Web browser and enter http://your_system:2001/ to load the IBM Systems Director Navigator for i5/OS Web console.
2. From the welcome page, click IBM i Tasks Page and select Digital Certificate Manager.
3. Click Create New Certificate Store to create the *SYSTEM certificate store.
4. Specify No - Do not create a certificate in the certificate store. If *SYSTEM is not listed, a certificate store already exists on your system. In that case, skip to step 6.
5. Click Create a Certificate Authority (CA) to create a CA. When you get to the step regarding the *OBJECTSIGNING store, click Cancel so the store is not created.
6. Click Select a Certificate Store to open the *SYSTEM Certificate Store.
7. Select Manage Certificates > View certificate to ensure the CA has LOCAL_CERTIFICATE_AUTHORITY listed.
8. Click Create Certificate to create a Server or client certificate.
9. Click Local Certificate Authority (CA) to sign the certificate and assign the certificate to the following servers:
   - Toolbox: Database Server, Signon Server