Set up digital certificates on IBM i

AWS Mainframe Modernization - Data Replication for IBM i

Product type: Software
Portfolio: Integrate
Product family: Connect
Product: AWS Mainframe Modernization > AWS Mainframe Modernization Service
Version: Latest
Language: English
Copyright: 2024
First publish date: 2003
Last updated: 2024-02-01
Published on: 2024-02-01T23:02:31.099696

Digital Certificate Manager (DCM) lets you manage digital certificates for your network and use SSL to enable secure communications for many applications. DCM also lets you manage certificates that you obtain from any Certificate Authority (CA). If you choose to use a default trusted CA, you don’t need to create your own CA or export and import the CA certificate between the server and client. In this example, we use DCM to create and operate our own local CA to sign certificates.

Note: The profile accessing DCM needs to have *SECADM and *ALLOBJ authority.

To check the user profile's authority, run the command below and check the special authority section of the output.

DSPUSRPRF USRPRF(UserProfileName)

  1. Open a Web browser and enter http://your_system:2001/ to load the IBM System Director Navigator for i5/OS Web console.

  2. From the welcome page, click IBM i Tasks Page and select Digital Certificate Manager.

  3. Click Create New Certificate Store to create the *SYSTEM certificate store.

  4. Specify No - Do not create a certificate in the certificate store. If *SYSTEM is not listed, a certificate store already exists on your system. In that case, skip to step 6.

  5. Click Create a Certificate Authority (CA) to create a CA. When you get to the step regarding the *OBJECTSIGNING store, click Cancel so the store is not created.

  6. Click Select a Certificate Store to open the *SYSTEM Certificate Store.

  7. Select Manage Certificates > View certificate to ensure the CA has LOCAL_CERTIFICATE_AUTHORITY listed.

  8. Click Create Certificate to create a Server or client certificate.

  9. Click Local Certificate Authority (CA) to sign the certificate and assign the certificate to the following servers:

    1. Toolbox: Database Server, Signon Server

Note: If the Local CA is not listed, you may need to log out of DCM and log back in for recent changes to appear.
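Once the certificate is assigned, a client can confirm that the Database Server and Signon Server present a certificate that chains to the Local CA. The script below is an added example, not part of the original procedure or the product. It assumes the Local CA certificate has been exported from DCM to a PEM file (the path is passed on the command line) and that the host servers listen on the default IBM i TLS ports 9471 and 9476, which this page does not state.

```python
import socket
import ssl
import sys

# Assumption: default IBM i host server TLS ports (not stated on this page).
HOST_SERVER_TLS_PORTS = {"Database Server": 9471, "Signon Server": 9476}


def build_context(ca_file=None):
    """Client context that requires a verifiable chain and a matching host name.

    With ca_file set, only that CA (the exported Local CA) is trusted.
    """
    return ssl.create_default_context(cafile=ca_file)


def check_host_server(host, port, ctx, timeout=5.0):
    """Connect to one host server and report whether its certificate verifies."""
    result = {"port": port, "status": None, "detail": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                result.update(status="trusted",
                              detail="issuer CN=%s, %s" % (issuer.get("commonName"), tls.version()))
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to the trusted CA, or the host name does not match.
        result.update(status="untrusted", detail=exc.verify_message)
    except ssl.SSLError as exc:
        # Handshake failed for another reason (for example, no certificate assigned).
        result.update(status="tls_error", detail=str(exc))
    except OSError as exc:
        # Port closed, host unknown, or timeout.
        result.update(status="unreachable", detail=str(exc))
    return result


def check_all(host, ca_file=None, timeout=5.0):
    """Check every host server this procedure assigns the certificate to."""
    ctx = build_context(ca_file)
    return {name: check_host_server(host, port, ctx, timeout)
            for name, port in HOST_SERVER_TLS_PORTS.items()}


if __name__ == "__main__":
    # Usage: python check_dcm_tls.py your_system /path/to/local_ca.pem
    for name, res in check_all(sys.argv[1], sys.argv[2]).items():
        print("%-16s port %d: %s (%s)" % (name, res["port"], res["status"], res["detail"]))
```

A status of untrusted on either port means the server is not presenting a certificate signed by the exported Local CA, or the certificate's name does not match the host name used to connect.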