We are installing a firewall in front of our iSeries webserver .. this
firewall is pretty fancy, and inspects HTTP requests for hacking
attempts.

It also inspects HTTPS, but of course, one needs to install the
"Server Certificate" on the firewall, so that, SSL HTTPS transactions
can be decrypted on the firewall, inspected, and re-encrypted.

The screen that you upload your "Server Certificate" has 3 inputs:
1. Certificate Password (For PKCS12 certs Only)

2. Certificate Key (This is an unencrypted private key to accompany a
X509 certificate. This is not required if you are uploading a PKCS12
token (*.pfx) This key must be unencrypted and it should be in PEM
format. ) -- This box prompts you for a FILE.

3. Upload Signed Certificate (prompts you for a FILE)

... Now .. the Digital Certificate Manager on the iSeries (V5r4) can
"export" keys into a file. And, I also have a copy of the Cert file
that our SSL provider (GoDaddy.com) gave us.

But neither of these files fulfill the #2 and #3 items above in any
sequence.

I am guessing that #3 is the GoDaddy.com SSL cert file. I have no
idea how I can retrieve the As400's "Private Key".

Any ideas on what to do next? Where does one find the "unencrypted
private key" for the iSeries? -- I have gone through every menu option
on the DCM to no avail. Any help anyone can provide would be
enormously appreciated.

Thank you!