Our organisation uses a combination of its own Certificate Management (for
internal servers) and external for web sites etc.
I am trying to create a SSL connection between an IBMi 7.3 system and a
Wintel server.
Our internal CA system uses the following process
1. Use an online form to request the cert (provide DNS, OU, ORG etc.)
2. System spits back a unique reference number
3. Use this reference number to create a CSR using the Windows certreq
command referencing a small inf file with the reference number
4. The output will be a CSR
5. Sign this CSR using an online portal providing the reference number and
a text reference which will then spit out a CER file
Trouble DCM does not know what to do this. Loading it into DCM produces an
error message
https://www.ibm.com/support/pages/asn1-encodingdecoding-error-occurred
An asn.1 encoding/decoding error occurred
So I load the cert into Chrome and output the cert in p7b format and
transfer that to the IBMi box. When I try to load that I get an error about
there was no corresponding request found to match this certificate. I guess
that means no CSR was created to sign.
Our certificate folks tell me that the IBMi system(DCM), of which they
don't know much about at all, has to use the reference number created in 2.
above to insert into the CSR. But when I look at creating a CSR in DCM
there is no reference number field. Just fields for Name, OU, City, State
etc. so I am stuck.
I do have access to our internal CA Certificate and Root Certificate.
Should I load those into DCM and just create and self-sign the cert (if I
can actually do that) before sending a copy to the Wintel box?
Thanks for any advice
midrange.com
