Acting as your own CA

After careful review of your security needs and policies you have decided to be your own Certificate Authority (CA). You can now start Digital Certificate Manager (DCM) so that you can create and operate your own CA. DCM provides you with a guided task path that takes you through this process. The task path takes you through creating the CA itself, as well as to several additional tasks. This ensures that you have everything set up to start to use digital certificates for SSL security

Note:If you intend to use certificates with the HTTP Web Server for AS/400, you should create and configure your web server instance. This should be done prior to starting DCM. When you configure a web server instance to use SSL, an application ID is generated for the server instance. You must make a note of this application ID so that you can use DCM to specify which certificate this application should use for SSL. Do not end and restart the server instance until you use DCM to assign a certificate to the server instance.
Note:If you end and restart the *ADMIN instance of the web server prior to assigning a certificate to it, the server will not start and you will not be able to use DCM to assign a certificate. Also, the user will not be able to use DCM to assign a certificate.

To use DCM to create and operate a local CA, complete these tasks:

  1. Start a DCM session.
  2. In the left-hand navigation frame of DCM, select Certificate Authority (CA) task.
  3. Select the Create a Certificate Authority task. This displays the first of a series of forms. These will guide you through the process of creating a CA and completing other tasks needed to begin to use digital certificates and SSL.
    Note:f you have questions about how to complete a specific form in this guided task, select the question mark (?) button at the top of the page to access the on-line help.
  4. Complete all the forms for this guided task. These forms cover all the tasks you need to perform to set up a working CA, including:
    1. Creating a Certificate Authority.
    2. Installing the Certificate Authority Certificate on your PC or browser.
    3. Choosing the policy data for your Certificate Authority.
    4. Selecting which applications should trust your Certificate Authority.
    5. Creating a system certificate signed by your Certificate Authority.
    6. Selecting which applications should use the system certificate for SSL

With these tasks complete, your local CA is up and running and the secured applications that you selected can begin using SSL . Users that will access these applications through an SSL connection must have a copy of the CA certificate on their PC or in their browser. This is so that they can authenticate the server's identity as part of the SSL negotiation process.

Before a user can access the selected applications through an SSL connection, the user must install a copy of the CA certificate. The CA certificate must be copied to a file on the user's PC or downloaded into the user's browser, depending on the requirements of the SSL-enabled application.

You can also use this CA to copy a certificate and export it to another AS/400 in your network. You will need to use DCM on the other system to receive a CA certificate to complete this task.

[ Information Center Home Page | Feedback ] [ Legal | AS/400 Glossary ]