ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamu_5.4.0.1/rzamuconfigiseries.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Configure iSeries A as a Certificate Authority" />
<meta name="DC.Relation" scheme="URI" content="rzamudcmsteps.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamustartibmhttpserver.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamucreateserver.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamuconfigiseries" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure iSeries A
as a Certificate Authority</title>
</head>
<body id="rzamuconfigiseries"><a name="rzamuconfigiseries"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure iSeries A
as a Certificate Authority</h1>
<div><div class="section"><ol><li>In a Web browser, type <samp class="codeph">http://iseriesa:2001</samp>. This will
launch the iSeries™ Task
Page that allows you to access the Digital Certificate Manager (DCM) interface. </li>
<li>Log on with your iSeries A user profile name and password.</li>
<li>Click <span class="uicontrol">Digital Certificate Manager</span>.</li>
<li>From the left navigation pane, select <span class="uicontrol">Create a Certificate
Authority (CA)</span>.</li>
<li>On the Create a Certificate Authority (CA) page, fill in the following
required fields with the information from the DCM planning work sheet: <ul><li><span class="uicontrol">Key size:</span> 1024</li>
<li><span class="uicontrol">Certificate store password: </span> secret</li>
<li><span class="uicontrol">Confirm password:</span> secret  <div class="important"><span class="importanttitle">Important:</span> All
passwords that are used in this scenario are for example purposes only. Do
not use these passwords in any actual configuration.</div>
</li>
<li><span class="uicontrol">Certificate Authority name:</span> mycoca</li>
<li><span class="uicontrol">Organizational name: </span>MyCo, Inc</li>
<li><span class="uicontrol">State or province: </span>min</li>
<li><span class="uicontrol">Country or region: </span>us</li>
<li><span class="uicontrol">Validity period of Certificate Authority (2-7300):</span> 1095</li>
</ul>
</li>
<li>Click <span class="uicontrol">Continue</span>.</li>
<li>On the <span class="uicontrol">Install Local CA certificate</span> page, click <span class="uicontrol">Continue</span>.</li>
<li>On the <span class="uicontrol">Certificate Authority (CA) Policy Data</span> page,
select the following options: <ul><li><span class="uicontrol">Allow creation of user certificates:</span> Yes</li>
<li><span class="uicontrol">Validity period of certificates that are issued by this Certificate
Authority (1-2000):</span> 365</li>
</ul>
</li>
<li>On the Policy Data Accepted page, read the messages that are displayed
and click <span class="uicontrol">Continue</span> to create the default server certificate
store (*SYSTEM) and a server certificate signed by your Certificate Authority
(CA). Read the confirmation message and click <span class="uicontrol">Continue</span>.</li>
<li>On the Create a Server or Client Certificate page, enter the following
information: <ul><li><span class="uicontrol">Key size:</span> 1024</li>
<li><span class="uicontrol">Certificate label:</span> mycocert</li>
<li><span class="uicontrol">Certificate store password: </span>secret </li>
<li><span class="uicontrol">Confirm password:</span> secret <div class="important"><span class="importanttitle">Important:</span> All
passwords that are used in this scenario are for example purposes only. Do
not use these passwords in any actual configuration.</div>
</li>
<li><span class="uicontrol">Common name:</span> mycocert</li>
<li><span class="uicontrol">Organizational name:</span> myco</li>
<li><span class="uicontrol">State or province:</span> min</li>
<li><span class="uicontrol">Country or region:</span> us</li>
<li><span class="uicontrol">IP version 4 address:</span> 192.168.1.2 <div class="note"><span class="notetitle">Note:</span> IP addresses
used in this scenario are meant for example purpose only. They do not reflect
an IP addressing scheme and should not be used in any actual configuration.
You should use your own IP addresses when completing these tasks.</div>
</li>
<li><span class="uicontrol">Fully qualified domain name:</span> iseriesa.myco.min.com</li>
<li><span class="uicontrol">E-mail address:</span> adminstrator@myco.min.com</li>
</ul>
</li>
<li>Click <span class="uicontrol">Continue</span>. </li>
<li>On the Select Application page, click <span class="uicontrol">Continue</span>.
 <div class="tip"><span class="tiptitle">Tip:</span> The VPN New Connection wizard automatically
assigns the certificate you just created to the i5/OS™ VPN Key Manager application. If you
have other applications that might use this certificate, you can select them
on this page. Because this scenario only uses certificates for VPN connections,
there is no need to select any additional applications.</div>
</li>
<li>On the Application Status page, read the messages that are displayed and
click <span class="uicontrol">Cancel</span>. This accepts the changes that you created. <div class="note"><span class="notetitle">Note:</span> If
you want to create a certificate store to contain certificates that are used
to sign objects, select <span class="uicontrol">Continue</span>.</div>
</li>
<li>When the DCM interface is refreshed, select <span class="uicontrol">Select a Certificate
Store</span>.</li>
<li>On the Select a Certificate Store page, select <span class="uicontrol">*SYSTEM</span>.
Click <span class="uicontrol">Continue</span>.</li>
<li>On the Certificate Store and Password page, enter <samp class="codeph">secret</samp>.
Click <span class="uicontrol">Continue</span>.</li>
<li>In the left navigation frame, select <span class="uicontrol">Manage Applications</span>.</li>
<li>On the Manage Applications page, select <span class="uicontrol">Define CA trust list</span>.
Click <span class="uicontrol">Continue</span>.</li>
<li>On the Define CA Trust List page, select <span class="uicontrol">Server</span>.
Click <span class="uicontrol">Continue</span>.</li>
<li>Select <span class="uicontrol">i5/OS VPN Key Manager</span>. Click <span class="uicontrol">Define
CA Trust List</span>.</li>
<li>On the Define CA Trust List page, select <span class="uicontrol">LOCAL_CERTIFICATE_AUTHORITY</span>.
Click <span class="uicontrol">OK</span>.</li>
</ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamudcmsteps.htm">Set up Certificate Authority with Digital Certificate Manager</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamustartibmhttpserver.htm">Start IBM HTTP Server for iSeries on iSeries A</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamucreateserver.htm">Create server certificate for iSeries B</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Configure iSeries A as a Certificate Authority" />`
			`<meta name="DC.Relation" scheme="URI" content="rzamudcmsteps.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzamustartibmhttpserver.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzamucreateserver.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzamuconfigiseries" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Configure iSeries A`
			`as a Certificate Authority</title>`
			`</head>`
			`<body id="rzamuconfigiseries"><a name="rzamuconfigiseries"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Configure iSeries A`
			`as a Certificate Authority</h1>`
			`<div><div class="section"><ol><li>In a Web browser, type <samp class="codeph">http://iseriesa:2001</samp>. This will`
			`launch the iSeries™ Task`
			`Page that allows you to access the Digital Certificate Manager (DCM) interface. </li>`
			`<li>Log on with your iSeries A user profile name and password.</li>`
			`<li>Click <span class="uicontrol">Digital Certificate Manager</span>.</li>`
			`<li>From the left navigation pane, select <span class="uicontrol">Create a Certificate`
			`Authority (CA)</span>.</li>`
			`<li>On the Create a Certificate Authority (CA) page, fill in the following`
			`required fields with the information from the DCM planning work sheet: <ul><li><span class="uicontrol">Key size:</span> 1024</li>`
			`<li><span class="uicontrol">Certificate store password: </span> secret</li>`
			`<li><span class="uicontrol">Confirm password:</span> secret <div class="important"><span class="importanttitle">Important:</span> All`
			`passwords that are used in this scenario are for example purposes only. Do`
			`not use these passwords in any actual configuration.</div>`
			`</li>`
			`<li><span class="uicontrol">Certificate Authority name:</span> mycoca</li>`
			`<li><span class="uicontrol">Organizational name: </span>MyCo, Inc</li>`
			`<li><span class="uicontrol">State or province: </span>min</li>`
			`<li><span class="uicontrol">Country or region: </span>us</li>`
			`<li><span class="uicontrol">Validity period of Certificate Authority (2-7300):</span> 1095</li>`
			`</ul>`
			`</li>`
			`<li>Click <span class="uicontrol">Continue</span>.</li>`
			`<li>On the <span class="uicontrol">Install Local CA certificate</span> page, click <span class="uicontrol">Continue</span>.</li>`
			`<li>On the <span class="uicontrol">Certificate Authority (CA) Policy Data</span> page,`
			`select the following options: <ul><li><span class="uicontrol">Allow creation of user certificates:</span> Yes</li>`
			`<li><span class="uicontrol">Validity period of certificates that are issued by this Certificate`
			`Authority (1-2000):</span> 365</li>`
			`</ul>`
			`</li>`
			`<li>On the Policy Data Accepted page, read the messages that are displayed`
			`and click <span class="uicontrol">Continue</span> to create the default server certificate`
			`store (*SYSTEM) and a server certificate signed by your Certificate Authority`
			`(CA). Read the confirmation message and click <span class="uicontrol">Continue</span>.</li>`
			`<li>On the Create a Server or Client Certificate page, enter the following`
			`information: <ul><li><span class="uicontrol">Key size:</span> 1024</li>`
			`<li><span class="uicontrol">Certificate label:</span> mycocert</li>`
			`<li><span class="uicontrol">Certificate store password: </span>secret </li>`
			`<li><span class="uicontrol">Confirm password:</span> secret <div class="important"><span class="importanttitle">Important:</span> All`
			`passwords that are used in this scenario are for example purposes only. Do`
			`not use these passwords in any actual configuration.</div>`
			`</li>`
			`<li><span class="uicontrol">Common name:</span> mycocert</li>`
			`<li><span class="uicontrol">Organizational name:</span> myco</li>`
			`<li><span class="uicontrol">State or province:</span> min</li>`
			`<li><span class="uicontrol">Country or region:</span> us</li>`
			`<li><span class="uicontrol">IP version 4 address:</span> 192.168.1.2 <div class="note"><span class="notetitle">Note:</span> IP addresses`
			`used in this scenario are meant for example purpose only. They do not reflect`
			`an IP addressing scheme and should not be used in any actual configuration.`
			`You should use your own IP addresses when completing these tasks.</div>`
			`</li>`
			`<li><span class="uicontrol">Fully qualified domain name:</span> iseriesa.myco.min.com</li>`
			`<li><span class="uicontrol">E-mail address:</span> adminstrator@myco.min.com</li>`
			`</ul>`
			`</li>`
			`<li>Click <span class="uicontrol">Continue</span>. </li>`
			`<li>On the Select Application page, click <span class="uicontrol">Continue</span>.`
			`<div class="tip"><span class="tiptitle">Tip:</span> The VPN New Connection wizard automatically`
			`assigns the certificate you just created to the i5/OS™ VPN Key Manager application. If you`
			`have other applications that might use this certificate, you can select them`
			`on this page. Because this scenario only uses certificates for VPN connections,`
			`there is no need to select any additional applications.</div>`
			`</li>`
			`<li>On the Application Status page, read the messages that are displayed and`
			`click <span class="uicontrol">Cancel</span>. This accepts the changes that you created. <div class="note"><span class="notetitle">Note:</span> If`
			`you want to create a certificate store to contain certificates that are used`
			`to sign objects, select <span class="uicontrol">Continue</span>.</div>`
			`</li>`
			`<li>When the DCM interface is refreshed, select <span class="uicontrol">Select a Certificate`
			`Store</span>.</li>`
			`<li>On the Select a Certificate Store page, select <span class="uicontrol">*SYSTEM</span>.`
			`Click <span class="uicontrol">Continue</span>.</li>`
			`<li>On the Certificate Store and Password page, enter <samp class="codeph">secret</samp>.`
			`Click <span class="uicontrol">Continue</span>.</li>`
			`<li>In the left navigation frame, select <span class="uicontrol">Manage Applications</span>.</li>`
			`<li>On the Manage Applications page, select <span class="uicontrol">Define CA trust list</span>.`
			`Click <span class="uicontrol">Continue</span>.</li>`
			`<li>On the Define CA Trust List page, select <span class="uicontrol">Server</span>.`
			`Click <span class="uicontrol">Continue</span>.</li>`
			`<li>Select <span class="uicontrol">i5/OS VPN Key Manager</span>. Click <span class="uicontrol">Define`
			`CA Trust List</span>.</li>`
			`<li>On the Define CA Trust List page, select <span class="uicontrol">LOCAL_CERTIFICATE_AUTHORITY</span>.`
			`Click <span class="uicontrol">OK</span>.</li>`
			`</ol>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamudcmsteps.htm">Set up Certificate Authority with Digital Certificate Manager</a></div>`
			`<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamustartibmhttpserver.htm">Start IBM HTTP Server for iSeries on iSeries A</a></div>`
			`<div class="nextlink"><strong>Next topic:</strong> <a href="rzamucreateserver.htm">Create server certificate for iSeries B</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`