Troubleshooting
Problem
This document provides information about how to export a local Certificate Authority (CA) certificate and a Server certificate from an IBM i Server and import them to a client IBM i System using Heritage DCM.
Environment
As secure communications occur within a client/server environment, this document uses the following terminology:
'Client system' = The system initiating the connection
'Server system' = The system serving the connection request
This document assumes the Server system already has SSL certificates configured.
For import/export using updated DCM refer to this page:
ibm.com/support/pages/node/7006531
If you need assistance with creating, importing or administrating digital certificates please refer to our frequently asked question for DCM (Digital Certificate Manager).
DCM Frequently Asked Questions:
Heritage DCM Questions:
Resolving The Problem
Server system
On the Server system, do the following:
Step 1: Access the Heritage Digital Certificate Manager (DCM):
a. | Access the Heritage DCM page with the following URL (replace 'systemA' with the host name or IP address of the Server system.): http://systemA:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0 |
b. | Click the button for Select a Certificate Store. |
c. | Select the *SYSTEM store, and type the store password. |
Step 2: Export the server certificate:
a. | Under Fastpath, click Work with Server and Client Certificates. |
b. | Click the bullet for the server certificate being used, then click Export. |
c. | Type the full Integrated File System path and file name. For this example, we use /home/profile/SERVER.pfx. Enter a password for the file. |
Step 3: Export just the CA certificates, if needed:
a. | Expand the Fastpath section, and click Work With CA Certificates. |
b. | Click the bullet for the certificate authority being used, which in this case is the Local Certificate Authority. Then click Export. |
c. | Type the full Integrated File System path and file name. For this example, we use /home/profile/CA.txt. |
Step 4: Move the certificate(s) from the Server system to the Client system:
a. | Open an FTP connection from the Server to the Client system. |
b. | Using BINARY mode, move the server certificate using the following FTP command: PUT /home/profile/SERVER.pfx /home/profile/SERVER.pfx |
c.
|
Using ASCII mode, move the CA certificate using the following command: PUT /home/profile/CA.txt /home/profile/CA.txt |
Client system
On the Client system, do the following:
Step 5: Access the Heritage Digital Certificate Manager (DCM):
1. | Access the Heritage DCM page with the following URL (replace 'systemB' with the host name or IP address of the Client system.): http://systemB:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0 |
2. | Click the button for Select a Certificate Store. |
3. | Select the *SYSTEM store, and type the store password. |
Step 6: Import the Server certificate:
1. | Under Fastpath, click Work with Server and Client Certificates. |
2. | Click the Import button. For the path, type /home/profile/SERVER.pfx. Enter the file password and the label (if prompted). |
Step 7: Import just the CA certificate, if needed:
1. | Expand the Fastpath section, and click Work With CA Certificates. |
2. | Click the Import button. For the path, type /home/profile/CA.txt. For the label, use something unique, like Local CA fromServerX. |
Step 8: Use the new Server certificate on the Client system:
1. | Click the bullet next to the new certificate, and click Assign to Applications. |
2. | Select the applications that will use the new certificate, and click Continue. |
3. | End and restart the applications to pick up the new certificate assignment. |
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CL7AAM","label":"Communications"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Historical Number
465357961
Product Synonym
Digital Certificate Manager;DCM
Was this topic helpful?
Document Information
Modified date:
30 June 2023
UID
nas8N1014073