Digital Certificate Manager APIs

You are in: IBM i Technology Updates > General IBM i Operating System > Digital Certificate Manager APIs

These three APIs provide Application Definition certificate assignment capabilities.  An Application Definition, also known as Application ID, is created and maintained in DCM for use by System TLS based applications. 

• Remove a certificate assignment from an application (QycdRemoveCertUsage).
• Add a certificate assignment to an application (QycdUpdateCertUsage).
• Retrieve information about the certificate currently assigned to an application (QycdRetrieveCertUsageInfo).

These three APIs provide Certificate Authority (CA) Trust List configuration capabilities.  A CA Trust List is an optional configuration for Application Definitions.  The list allows individual applications to trust a different set of CAs from other applications.   

• Add a CA certificate to the CA certificate trust list (QycdAddCACertTrust).
• Remove a CA certificate from the CA certificate trust list (QycdRemoveCACertTrust).
• Check if CA certificate is in the CA certificate trust list (QycdCheckCACertTrust).

This API is used in a two-step process to renew an existing certificate residing in the system certificate store.

• Request a certificate renewal and import certificate into system store (QycdRenewCertificate).

With the first call, a CSR (Certificate Signing Request) is generated based on an existing certificate.  After out of band processing of the CSR is complete, the second call imports the issued certificate into the system certificate store.

Refer to the IBM i Knowledge Center documentation for Digital Certificate Management APIs for additional information.