Certificate stores

Certificates are used to secure communications between i5/OS™ and the hosted system for various functions. The certificates are kept in the following i5/OS certificate stores:

• The i5/OS system certificate store. If you manually import certificates to the hosted system's service processor from an external source, this certificate store is where the corresponding trusted root CA certificates are stored. The system certificate store is shared by many i5/OS applications.
• A certificate store that is associated with the service processor configuration. This certificate store is created automatically for you. The certificates in this certificate store are used only when communicating with hosted systems that use the corresponding service processor configuration. This certificate store is shared if multiple hosted systems (for example, IBM® BladeCenter™ blades) are using the same service processor configuration. Certificates are placed in this certificate store if you:
  • Use the service processor configuration option to generate a certificate.
  • Synchronize a certificate from the hosted system's service processor to the corresponding service processor configuration.
• A certificate store that is associated with the network server description. This certificate store is created and maintained automatically for you. It is used to store certificates that are generated and used internally by the i5/OS Integrated Server Support (for example, certificates that are used when enrolling users to the hosted system). The certificates in this certificate store are used only when communicating with hosted systems that use the corresponding network server description.