Troubleshooting
Problem
This document includes steps to renew a local CA.
Resolving The Problem
You should follow the steps below to renew a Local Certificate Authority on the IBM i:
1. |
Sign into Digital Certificate manager: (//systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0) |
2. | On the left panel, click Select a Certificate Store, and then check the bullet Local Certificate Authority (CA). Click Continue: |
3. | Sign into the Local CA store (or click Reset if you do not remember the password). |
4. | On the left panel, expand the Manage Local CA section, and click Renew: |
5. | The renew option will pull in the information from the existing CA certificate. You should assign a new certificate authority name. Also, it is recommended that you increase the key size to at least 2048 and the validity period of the CA to 7300 days (20 years). Click Continue. |
6. | The next screen will provide an opportunity to install the new Local CA into your web browser. You can do this now if you would like. The option will be available later on the left panel. Click Continue. |
7. | The next screen asks applications will trust the new Local CA. It is recommended that you check the Telnet server; however, you can select whichever servers are needed. Click Continue. |
8. | You now should see a green status message stating The applications you selected will trust this Certificate Authority (CA): |
9. | On the left panel, under Manage the Local CA, click the link to Change Policy Data. It is recommended that you set the validity period to the maximum 2000 days. |
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CISAA2","label":"Digital Certificate Manager"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0;7.2.0"}]
Historical Number
581228641
Was this topic helpful?
Document Information
Modified date:
22 September 2022
UID
nas8N1011872