Yes - certificates can be imported into DCM that are *not* created from a request generated from DCM. We (and our customers) do that as a matter of course. One wild-card certificate generated for a domain, to be deployed on any web-facing server, can also be imported into DCM and associated with an application. The only thing you need to be careful to do is import the whole CA chain before importing the certificate itself, otherwise the import fails with an error that gives no clue as to the underlying cause. I wrote a little forum post about it some time ago. I will post a link if you think it will be of use.
-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of paul.roy@xxxxxxx
Sent: 27 October 2014 19:10
To: web400@xxxxxxxxxxxx
Subject: Re: [WEB400] WEB400 Digest, Vol 12, Issue 104
We are running IBM i 7.1
I have looked in 7.2 memo to users but did not find anything about that .
Would it be possible to generate the Certificate on another system and then import the certificate with its private key into the DCM ?
thank you,
Paul
------------------------------
message: 2
date: Mon, 27 Oct 2014 11:35:07 -0500
from: Bradley Stone <bvstone@xxxxxxxxx>
subject: Re: [WEB400] Generate a digital certificate signing request
hashed with SHA256
Paul,
What OS level are you at in trying to do this.
I know with SHA256 IBM was a little behind in offering this, and even
importing CAs required a host of PTFs. If you're on anything older than
V6R1 you'll probably be out of luck.
If you are on V6R1 or higher, I would call IBM support and ask what you
need to get it to work.
Brad
www.bvstools.com
On Mon, Oct 27, 2014 at 11:27 AM, <paul.roy@xxxxxxx> wrote:
Hi,
I have been able to install several web sites with HTTPS, but I am stuck
now with a new requirement of the security department of the company.
Usually, I have used DCM to generate the CSR (Certificate Signature
Request) , send it and the I received the signed certificate back for
import....
Now the security department refuses the CSR because the signature
algorithm SHA1 is deprecated and they require it to be at least SHA256.
I could not find any option in the DCM or in the API .
Does anybody know a way to issue the CSR with the required SHA256
algorithm ?
thank you,
Paul
--
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/web400.
NOTICE: The information in this electronic mail transmission is intended by CoralTree Systems Ltd for the use of the named individuals or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone, so that the sender's address records can be corrected.
--------------------------------------------------------------------------------
CoralTree Systems Limited
Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton
Hampshire
SO15 2EA
VAT Registration Number 834 1020 74.
midrange.com
