Setting up the SSL *SYSTEM Store on IBM i
This guide walks you through initial setup with IBM’s Digital Certificate Manager (DCM): either creating the *SYSTEM certificate store if it does not exist, or confirming that you can access it if it already exists.
Doing this allows you to perform further SSL/TLS configuration. It enables your IBM i system to act as a client to external servers that require secure SSL/TLS connections, and to act as a server offering your own secure SSL/TLS services. Most web services available today expect to use SSL/TLS.
Accessing DCM
To begin, verify that the *ADMIN HTTP server job is running with the following command:
WRKSBSJOB SBS(QHTTPSVR)
If you don’t see *ADMIN in the list, please run the following command to start it:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
After you’ve ensured that the *ADMIN server is running, open a web browser and go to http://YourIBMIPAddress:2006/dcm/. You should see a login page like the one below:
Log in to DCM using a profile with elevated permissions.
Creating Certificate Store
These steps can also be followed to create any certificate store, in addition to the *SYSTEM store.
Click on the “Create Certificate Store” link:
Select the *SYSTEM store option:
Set a password and click “Create”:
If you are creating a non-*SYSTEM store, you may also need to specify an IFS file path where the certificate store will be located.
Verifying *SYSTEM Certificate Store Access
Return to the main screen of DCM by clicking the “Home” button in the left navigation menu:
Click “Open Certificate Store”:
Select the *SYSTEM store. Enter your certificate store password and click “Open”:
Once logged in, you should see a screen like this: