Setting up the SSL *SYSTEM Store on IBM i

This process will guide you through initial setup with IBM’s Digital Certificate Manager (DCM) and either creating the *SYSTEM certificate store if it does not exist, or confirming you can access it if it already does exist.

Doing this allows you to perform further SSL/TLS configuration and enables your IBM i system to interact as a client to other external servers requiring secure SSL/TLS connections as well as act as a server to offer your own secure SSL/TLS service. Most web services available today expect to use SSL/TLS.

Accessing DCM

To begin, verify that the *ADMIN HTTP server job is running with the following command:

WRKSBSJOB SBS(QHTTPSVR)

If you don’t see *ADMIN in the list, please run the following command to start it:

STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

After you’ve ensured that the *ADMIN server is running, open a web browser, and go to http://YourIBMIPAddress:2006/dcm/ - you should see a login page as seen below:

DCM Login

You will want to log in to DCM using a profile with elevated permissions.

Creating Certificate Store

These steps can also be followed to create any certificate store, in addition to the *SYSTEM store.

Click on the “Create Certificate Store” link:

DCM Home Page

Select the *SYSTEM store option:

Selecting *SYSTEM Store

Set a password and click “Create”:

Specifying the Password

If you are creating a non-*SYSTEM store, you may also need to specify an IFS file path where the certificate store will be located.

Verifying *SYSTEM Certificate Store Access

Return to the main screen of DCM by clicking the “Home” button in the left navigation menu:

Return to DCM Home

Click “Open Certificate Store”:

Open Certificate Store

Select the *SYSTEM store. Enter your certificate store password and click “Open”:

Logging in to *SYSTEM Store

Once logged in, you should see a screen like this:

*SYSTEM Store Home Page