Troubleshooting
Problem
This document details how to renew a server certificate issued by the Local Certificate Authority on an IBM i using Heritage Digital Certificate Manager.
Resolving The Problem
NOTE: If you would like to use the updated Digital Certificate Manager for i interface, see the following documentation:
This document details how to renew a server certificate issued by the Local CA on a IBM i. This document assumes that Heritage Digital Certificate Manager (DCM) has already been configured with a Local CA and a server certificate issued by that Local CA. It also assumes that the ADMIN instance is active, and you can access it from your browser. It also assumes that you have a Web Administrator level profile with *ALLOBJ and *SECADM special authority.
How to Renew a Local Server Certificate
A. Access the Digital Certificate Manager tool
From a web browser we will type the following URL (replace systemname with either the system name or IP address of the system):
http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0
B. Locate the server certificate you want to renew.
1. Click the Select a Certificate Store button. Enter your profile and password.
2. Click the bullet next to *SYSTEM, and click Continue.
3. Enter the Certificate store password, and click Continue. Note: If you do not know the password to the store, you should be able to reset the password by clicking on the Reset Password button.
4. On the left panel, click the triangle next to 'Fast Path' to expand the section.
5. Under 'Fast Path', click the link to Work with Server and Client Certificates. The screen shows the current server certificates.
6. You may use the View function to help determine which server certificate you want to renew.
C. Renew the server certificate.
1. Click the bullet next to the server certificate that you want to renew, and then click the button to Renew.
2. Click the bullet next to Local Certificate Authority (CA), and then click Continue.
3. Enter a unique label for the new certificate in the New certificate label box. You may also modify the other fields to suit your needs. Then click Continue.
4. You will be presented with a list of applications. Check all the applications that you want to use the new certificate. (Typically, this means to check all the applications that have the old certificate assigned to them.) Then click Continue.
5. You should receive a message stating The applications you selected will use this certificate. Click OK.
D. At this point, you have renewed the server certificate.
For most applications, in order to use the newly assigned certificate, you will need to end each application and start each application again.
How to Renew a Local Server Certificate
A. Access the Digital Certificate Manager tool
From a web browser we will type the following URL (replace systemname with either the system name or IP address of the system):
http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0
B. Locate the server certificate you want to renew.
1. Click the Select a Certificate Store button. Enter your profile and password.
2. Click the bullet next to *SYSTEM, and click Continue.
3. Enter the Certificate store password, and click Continue. Note: If you do not know the password to the store, you should be able to reset the password by clicking on the Reset Password button.
4. On the left panel, click the triangle next to 'Fast Path' to expand the section.
5. Under 'Fast Path', click the link to Work with Server and Client Certificates. The screen shows the current server certificates.
6. You may use the View function to help determine which server certificate you want to renew.
C. Renew the server certificate.
1. Click the bullet next to the server certificate that you want to renew, and then click the button to Renew.
2. Click the bullet next to Local Certificate Authority (CA), and then click Continue.
3. Enter a unique label for the new certificate in the New certificate label box. You may also modify the other fields to suit your needs. Then click Continue.
4. You will be presented with a list of applications. Check all the applications that you want to use the new certificate. (Typically, this means to check all the applications that have the old certificate assigned to them.) Then click Continue.
5. You should receive a message stating The applications you selected will use this certificate. Click OK.
D. At this point, you have renewed the server certificate.
For most applications, in order to use the newly assigned certificate, you will need to end each application and start each application again.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CISAA2","label":"Digital Certificate Manager"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0;7.2.0"}]
Historical Number
537368406
Was this topic helpful?
Document Information
Modified date:
13 October 2022
UID
nas8N1012722