Using the digital certificate when running your Java application
To use transport layer security (TLS), you must run your Java™ application using a digital certificate.
- os400.certificateContainer
- os400.certificateLabel
For example, if you want run the Java application
MyClass.class using the digital certificate MYCERTIFICATE, and MYCERTIFICATE
was in the digital certificate container YOURDCC, then the java command
would look like this:
java -Dos400.certificateContainer=YOURDCC -Dos400.certificateLabel=MYCERTIFICATE MyClass
If you have not already decided which digital certificate to use, see Selecting a digital certificate. You may also decide to use your system's default certificate, which is stored in the system's default certificate container.
To use your system's default digital certificate, you do not need to specify a certificate or a certificate container anywhere. Your Java application uses your system's default digital certificate automatically.
Digital certificates and the -os400.certificateLabel property
Digital certificates are an Internet standard for
identifying secure systems, users, and applications. Digital certificates
are stored in digital certificate containers. If you want to use a
digital certificate container's default certificate, you do not need
to specify a certificate label. If you want to use a specific digital
certificate, you must specify that certificate's label in the java command
using this property:
os400.certificateLabel=
For
example, if the name of the certificate you want to use is MYCERTIFICATE,
then the java command you enter would look like this:
java -Dos400.certificateLabel=MYCERTIFICATE MyClass
In this example, the Java application MyClass would use the certificate MYCERTIFICATE. MYCERTIFICATE would need to be in the system's default certificate container to be used by MyClass.
Digital certificate containers and the -os400.certificateContainer property
Digital certificate containers store digital certificates.
If you want to use the IBM i system
default certificate container, you do not need to specify a certificate
container. To use a specific digital certificate container, you need
to specify that digital certificate container in the java command
using this property:
os400.certificateContainer=
For
example, if the name of the certificate container that contains the
digital certificate you want to use is named MYDCC, then the java command
you enter would look like this:
java -Dos400.certificateContainer=MYDCC MyClass
In this example, the Java application, named MyClass.class, would run on the system by using the default digital certificate that is in the digital certificate container named MYDCC. Any sockets that you create in the application use the default certificate that is in MYDCC to identify themselves and make all of their communications secure.
If you wanted to use the digital
certificate MYCERTIFICATE in the digital certificate container, then
the java command that you would enter would look
like this:
java -Dos400.certificateContainer=MYDCC -Dos400.certificateLabel=MYCERTIFICATE MyClass