Gary L Peskin wrote:
If I remember correctly, the iSeries JRE uses DCM for the certificates by
default. You can create a private certificate store with DCM.

What are the values for

ssl.KeyManagerFactory.algorithm
ssl.TrustManagerFactory.algorithm

in your <jre-home>/lib/security/java.security file?

ssl.KeyManagerFactory.algorithm=IbmISeriesX509
ssl.TrustManagerFactory.algorithm=IbmISeriesX509

I'm going down the DCM route now ... but I can't get my CA cert (.der
file) imported into the trust store.

I keep getting a "Parameter is not valid. Check for previous errors that
may have caused this" error in the DCM and a problem is logged on
QSYSOPR. The same error happens on both V5R2 & V5R3.

I think I'm going to have to call IBM on this.

Anyone know what kind of certificate the DCM is expecting when importing
a new CA cert into the *SYSTEM certificate store?

The CA certificate was generated using this command on a Windows system
runing JVM 1.5:
keytool -export -alias <hostname> -keystore data/tls/certificate.p12
-storetype pkcs12 -file certificate.der

Thanks!

david


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.