Requesting a server certificate on IBM i

Digital certificates protect against impersonation by certifying that a public key belongs to a specified entity. You can request a new server certificate from a certificate authority by using the Digital Certificate Manager (DCM).

About this task

Perform the following steps in a Web browser:

Procedure

  1. Access the DCM interface, as described in Accessing DCM.
  2. In the navigation panel, click Select a Certificate Store.
    The Select a Certificate Store page is displayed in the task frame.
  3. Select the certificate store you want to use and click Continue.
  4. Optional: If you selected *SYSTEM in step 3, enter the system store password and click Continue.
  5. Optional: If you selected Other System Certificate Store in step 3, in the Certificate store path and filename field, type the IFS path and file name you set when you created your certificate store. Also type a password in the Certificate Store Password field. Then click Continue.
  6. In the navigation panel, click Create Certificate.
  7. In the task frame, select the Server or client certificate radio button and click Continue.
    The Select a Certificate Authority (CA) page is displayed in the task frame.
  8. If you have a local CA on your workstation, choose either the local CA or a commercial CA to sign the certificate. Select the radio button for the CA you want and click Continue.
    The Create a Certificate page is displayed in the task frame.
  9. Optional: For a queue manager, in the Certificate label field, enter the certificate label.
    The label is either the value of the CERTLABL attribute, if it is set, or the default ibmwebspheremq with the name of the queue manager appended, all in lowercase. See Digital certificate labels for details.
    For example, for queue manager QM1, type ibmwebspheremqqm1 to use the default value.
  10. Optional: For an IBM® MQ MQI client, in the Certificate label field, type ibmwebspheremq followed by your logon user ID folded to lowercase.
    For example, type ibmwebspheremqmyuserID
  11. Type appropriate values in the Common Name and Organization fields, and select a country. For the remaining optional fields, type the values you require.

Results

If you selected a commercial CA to sign your certificate, DCM creates a certificate request in PEM (Privacy-Enhanced Mail) format. Forward the request to your chosen CA.

If you selected the local CA to sign your certificate, DCM informs you that the certificate has been created in the certificate store and can be used.
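
One way to check the PEM request before forwarding it to a commercial CA, shown as an added example that is not part of the IBM documentation. It assumes the request file has been copied to a system that has the openssl command; the function names, file names and subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): check a PEM certificate request before it
# is forwarded to the CA. Requires the openssl command-line tool.

# check_csr FILE CN ORG COUNTRY
# Returns 0 only if FILE is a PEM request, its self-signature verifies,
# and the subject carries the expected Common Name, Organization, country.
check_csr() {
    file=$1; cn=$2; org=$3; country=$4

    # PEM armour for PKCS#10; some tools write "NEW CERTIFICATE REQUEST".
    grep -Eq '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----' "$file" || {
        echo "not a PEM certificate request: $file" >&2; return 1; }

    # A valid self-signature shows the request was not altered or cut
    # short after creation. Match the message: some openssl releases
    # exit 0 even when verification fails.
    openssl req -in "$file" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "self-signature does not verify: $file" >&2; return 1; }

    # Subject on one line in RFC 2253 form: CN=...,O=...,C=...
    subject=$(openssl req -in "$file" -noout -subject -nameopt RFC2253 |
              sed 's/^subject= *//')
    for want in "CN=$cn" "O=$org" "C=$country"; do
        case ",$subject," in
            *",$want,"*) ;;
            *) echo "subject lacks $want (got: $subject)" >&2; return 1 ;;
        esac
    done
}

# Constructed sample standing in for the request file DCM produces.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -out "$1/req.pem" -subj "/C=GB/O=Example Org/CN=qm1.example.com" \
        2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp"
check_csr "$tmp/req.pem" qm1.example.com "Example Org" GB && echo "request OK"
```

The comparison is a plain string match on each subject component, so values that contain a comma would need RFC 2253 escaping before being passed in.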