IBM Support

How to Renew a Local Certificate Authority (CA) in Heritage Digital Certificate Manager (DCM)

Troubleshooting


Problem

This document includes steps to renew a local CA.

Resolving The Problem

You should follow the steps below to renew a Local Certificate Authority on the IBM i:

1.

 Sign into Digital Certificate manager:
(//systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0)
2. On the left panel, click Select a Certificate Store, and then check the bullet Local Certificate Authority (CA). Click Continue:

Picture of DCM 'Select a Certificate Store' button
3. Sign into the Local CA store (or click Reset if you do not remember the password).
4. On the left panel, expand the Manage Local CA section, and click Renew:

Picture of Local CA menu - Manage Local CA Renew
5. The renew option will pull in the information from the existing CA certificate. You should assign a new certificate authority name. Also, it is recommended that you increase the key size to at least 2048 and the validity period of the CA to 7300 days (20 years). Click Continue.

Picture of the renew Local CA Screen
6. The next screen will provide an opportunity to install the new Local CA into your web browser. You can do this now if you would like. The option will be available later on the left panel. Click Continue.
7. The next screen asks applications will trust the new Local CA. It is recommended that you check the Telnet server; however, you can select whichever servers are needed. Click Continue.
8. You now should see a green status message stating The applications you selected will trust this Certificate Authority (CA):

Picture of successful status message.
9. On the left panel, under Manage the Local CA, click the link to Change Policy Data. It is recommended that you set the validity period to the maximum 2000 days.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CISAA2","label":"Digital Certificate Manager"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0;7.2.0"}]

Historical Number

581228641

Document Information

Modified date:
22 September 2022

UID

nas8N1011872

Page Feedback