Appendix D: Creating a Certificate using the Digital Certificate Manager (DCM)

Use the following instructions to create and export a Digital Certificate (also called a Certificate Authority) using IBM's Digital Certificate Manager (DCM).

  1. Open the Digital Certificate Manager by going to http://your server name:2001/QIBM/ICSS/Cert/admin/qycucm1.ndm/main0.
    2. EXAMPLE:
    http://your server name:2001/QIBM/ICSS/Cert/admin/qycucm1.ndm/main0
    NOTE: To open this URL, the http server must be running on your IBM i system. To start the http server, use the following command:
    STRTCPSVR SERVER(*HTTP) HTTPSVR(*admin)
  2. Click Select a Certificate Store.
  3. Choose *SYSTEM and click Continue.
  4. Enter the Certificate Store password and click Continue.
  5. Choose Create Certificate from the list on the left.
  6. Choose Server or Client Certificate and click Continue.
  7. Choose Local Internet Certificate Authority (CA) and click Continue.
  8. Enter the requested information and click Continue.

  9. Send the Certificate Authority to the person in charge of the SKLM server. See IBM Security Key Lifecycle Manager (SKLM) in Appendix C: Adding a Client Certificate to an External Key Manager for details.

  1. Open the Digital Certificate Manager by going to http://your server name:2001/QIBM/ICSS/Cert/admin/qycucm1.ndm/main0.
    2. EXAMPLE:
    http://your server name:2001/QIBM/ICSS/Cert/admin/qycucm1.ndm/main0
    NOTE: To open this URL, the http server must be running on your IBM i system. To start the http server, use the following command:
    STRTCPSVR SERVER(*HTTP) HTTPSVR(*admin)
  2. Click Select a Certificate Store.
  3. Choose *SYSTEM and click Continue.
  4. Enter the Certificate Store password and click Continue.
  5. Choose Create Certificate from the list on the left.
  6. Choose Server or Client Certificate and click Continue.
  7. Choose VeriSign or Other Internet Certificate Authority (CA) and click Continue.
  8. Enter the requested information and click Continue.
  9. Copy and paste the data, including both the Begin request and End request lines, into a file and send it to the server.

     

  10. Import the signed certificate back in. See Safenet or Vormetric in Appendix C: Adding a Client Certificate to an External Key Manager for details.