IBM Support

How to Import a CA Certificate into Digital Certificate Manager

Technote (troubleshooting)


Problem(Abstract)

This document explains how to import a Certificate Authority (CA) certificate into Digital Certificate Manager (DCM).

Resolving the problem

This document explains how to import a Certificate Authority (CA) certificate into Digital Certificate Manager (DCM). If the import fails with a message that the file is not found, the full IFS name: /directorypath/filename.extension was entered incorrectly. If the import fails with a message that the issuer is not in the store, CA certificates in the certification path are missing. The root CA needs to be imported first, then any intermediate CAs, according to their order in the certification path.

1. Access the Digital Certificate Manager page by going to the following URL (where systemname is the host name or IP address of your IBM i):

    http:// systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0


2. Click the Select Certificate Store button. Choose *SYSTEM and sign in. Note: This document assumes that the *SYSTEM store has already been created and that the user knows the password for that store.

Picture showing the selection of the certificate store in DCM.

3. Select the Manage Certificates link on the left, and click on Import Certificate. Depending on what kind of certificate you are importing, make your next selection based on this. It will most likely be a CA certificate; therefore, you should select the option for CA certificate (Certificate Authority). Click Continue.

Picture showing certificate import, selection of certificate type.

4. On the next screen, you will have to put in a path and file name. This is the location and name of the file on the IFS of the IBM i. For example, if you stored the file in the '/home' directory and the file was called 'cert.txt' you would put in a path and file name of '/home/cert.txt'. Click Continue.

Picture showing DCM screen where the import file name is specified.

5. The next screen will ask you to create a CA certificate Label. This can be any name you want as long as it is unique (should not match any labels for any other certificates). I would recommend giving it a label name that matches what the certificate provider called it for ease of recognition. Click Continue.

Picture showing DCM screen where the certificate label is assigned.

6. You should receive a message saying the certificate has been imported. Click OK and you are done with the import process. Repeat as necessary for any other certificates required.

Picture showing confirmation message that the certificate was imported.

Cross reference information
Segment Product Component Platform Version Edition
Operating System IBM i 7.1
Operating System IBM i 6.1

Historical Number

548824369

Document information

More support for: IBM i
Communications-TCP

Software version: 5.4.0, 5.4.5, 6.1, 6.1.0, 6.1.1, 7.1, 7.1.0

Operating system(s): IBM i

Reference #: N1012543

Modified date: 01 April 2013