Importing CA Certificate - IBM AS400

This is a discussion on Importing CA Certificate - IBM AS400 ; Hi, Can someone explain the process of importing a CA certificate into Digital Certificate Manager (DCM)? Lets say I want to import a Trusted Root Certificate Authority from the list on my microsoft internet explorer list (you can see them ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Importing CA Certificate

  1. Importing CA Certificate

    Hi, Can someone explain the process of importing a CA certificate into
    Digital Certificate Manager (DCM)?


    Lets say I want to import a Trusted Root Certificate Authority from the
    list on my microsoft internet explorer list (you can see them if via
    IE6 you go to tools, options, content, certificates, 'trusted root
    certificate authorities' tab).

    I can export it only to .CER or .P7B file. I then FTP it to the IFS

    When I go to DCM and select my &SYSTEM certificate store and do an
    'import CA certificate' end enter the path that the exported file sites
    on the IFS drive, it seems to be looking for a certificate in the .PFX
    because it asks for a password and there is none.

    I am trying to setup secure FTP with a client and they have given me
    their root certificate in .CER format. Its a valid certificate, I can
    look at it in windows and I can import it into my IE6 (windows)
    certificate store, but not DCM on the AS400 and its driving me nuts!

    Anyone know?

    TIA

    Stan


  2. Re: Importing CA Certificate

    I believe you need to use websphere to configure DCM, not sure on the
    rest of your questions though. You would do it via port 2001.


    spoliskey@hotmail.com wrote:
    > Hi, Can someone explain the process of importing a CA certificate into
    > Digital Certificate Manager (DCM)?
    >
    >
    > Lets say I want to import a Trusted Root Certificate Authority from the
    > list on my microsoft internet explorer list (you can see them if via
    > IE6 you go to tools, options, content, certificates, 'trusted root
    > certificate authorities' tab).
    >
    > I can export it only to .CER or .P7B file. I then FTP it to the IFS
    >
    > When I go to DCM and select my &SYSTEM certificate store and do an
    > 'import CA certificate' end enter the path that the exported file sites
    > on the IFS drive, it seems to be looking for a certificate in the .PFX
    > because it asks for a password and there is none.
    >
    > I am trying to setup secure FTP with a client and they have given me
    > their root certificate in .CER format. Its a valid certificate, I can
    > look at it in windows and I can import it into my IE6 (windows)
    > certificate store, but not DCM on the AS400 and its driving me nuts!
    >
    > Anyone know?
    >
    > TIA
    >
    > Stan



  3. Re: Importing CA Certificate

    DCM wants a root certificate in base64 format, so the .cer should be
    okay.

    When you open the *SYSTEM certificate store, you will be prompted for
    the certificate store password. Is that the password you write about? A
    ..pfx contains private keys. The *SYSTEM import of a trusted root
    imports public keys.

    Also, you may have been mislead by the name of the DCM menu item you
    chose. There are many menus for the DMC tool. The menu item names are
    not all that clear. DCM is nothing like keytool. If you want to find
    out more about DCM, there is Apache documentation in addition to the
    IBM documentation. IBM customized Apache code to build DCM. Note: IBM
    changed DCM a lot from the Apache version. The Apache documentation may
    give you a better understanding of what DCM is trying to do. You must
    use the IBM documentation for step-by-step details and specific
    definitions.

    Another problem you may face is not having the DCM password for the
    *SYSTEM store. If you don't have it, you will have to rebuild your
    entire keyring database.

    Lou


  4. Re: Importing CA Certificate

    Thanks for the response.

    No, I have the password for the *SYSTEM store. DCM asks me for a
    password when I try to import the .CER certificate as a CA.

    I am running V5R4 (tried this on V5R3) through the web admin on port
    2001.

    Has anyone done this, I am going mad trying to figure this out.

    The .CER is valid, I can look at it in windows, can import it into the
    windows certificate manager into the 'trusted root certification
    authorities tab'. I run into errors trying to import it into DCM.

    Does anyone have the procedure for exporting a certificate from the
    windows certificate manager (from 'trusted root certification
    authorities tab') then importing it into DCM as a CA certificate? The
    documentation doesn't seem to help me.



    Lou wrote:
    > DCM wants a root certificate in base64 format, so the .cer should be
    > okay.
    >
    > When you open the *SYSTEM certificate store, you will be prompted for
    > the certificate store password. Is that the password you write about? A
    > .pfx contains private keys. The *SYSTEM import of a trusted root
    > imports public keys.
    >
    > Also, you may have been mislead by the name of the DCM menu item you
    > chose. There are many menus for the DMC tool. The menu item names are
    > not all that clear. DCM is nothing like keytool. If you want to find
    > out more about DCM, there is Apache documentation in addition to the
    > IBM documentation. IBM customized Apache code to build DCM. Note: IBM
    > changed DCM a lot from the Apache version. The Apache documentation may
    > give you a better understanding of what DCM is trying to do. You must
    > use the IBM documentation for step-by-step details and specific
    > definitions.
    >
    > Another problem you may face is not having the DCM password for the
    > *SYSTEM store. If you don't have it, you will have to rebuild your
    > entire keyring database.
    >
    > Lou



+ Reply to Thread