Question & Answer
Question
How can IBM i Access Client Solutions (ACS) share a common SSL Environment?
Cause
By default the IBM i Access Client Solutions (ACS) software leverages a separate SSL Keystore file for each user of the client operating system. Is there a way for IBM i ACS to change this so that all users use the same SSL Keystore file?
Answer
The IBM i Access Client Solutions (ACS) com.ibm.iaccess.AcsBaseDirectory sets the location where all IBM i ACS configuration information is stored. The default value is the workstation user's My Documents or Personal Folder followed by IBM/iAccessClient.
Even if this AcsBaseDirectory property is set to a common location like C:\IBMiACS, there is an IBM/iAccessClient/Private directory that contains a folder for each client workstation user that contains their SSL Keystore file (cacerts) separate for each user. This is primarily for support of private user certificates.
There are cases where it would be helpful for all users of IBM i ACS to use the same SSL Keystore file and this can be influenced with the "com.ibm.iaccess.CertFile" property to specify the 'cacerts' file that should be used by all users of this IBM i ACS distribution.
Was this topic helpful?
Document Information
Modified date:
18 December 2019
UID
nas8N1021360