Just want to let everyone know I have been able to install a certificate generated from a Windows 2003 Domain CA. It was not easy but doable.
First is to figure out how to generate a Certificate request in DCM.
In DCM open the *SYSTEM certificate store
Click on Create Certificate
Select Server or client certificate - Continue
Select VeriSign or other Internet Certificate Authority (CA) - Continue
Fill out the form appropriately - Continue
Copy the Certificate request to a text file
Click on OK
Click on Cancel
Now you need to use this request in your Windows 2003 CA to generate a certificate.
Log in to your Certificate Sever web page:
http://YourServerName/certsrv
Choose Request a certificate
Advanced Certificate Request
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Paste the saved request into the window and select Web Server for the Certificate Template and click on submit.
I choose the Base 64 encoded and clicked on Download certificate chain.
Save the certificate to your IFS. I use /home/certs/ directory and copy / paste using System I Navigator.
Back to DCM *SYSTEM certificate store.
Manage Certificates
Import Certificate
Server or client - Continue
Enter the path and file name to import and click on Continue
Next you can assign the certificate to any application you need
This is just a run down on how to use a 3rd party digital certificate on your iSeries and how you can generate using Certificate Services running on a windows 2003 domain member.
Chris Bipes
Director of Information Services
CrossCheck, Inc.
midrange.com
