<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Configure iSeries A as a Certificate Authority" />
<meta name="DC.Relation" scheme="URI" content="rzamudcmsteps.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamustartibmhttpserver.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamucreateserver.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamuconfigiseries" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure iSeries A as a Certificate Authority</title>
</head>
<body id="rzamuconfigiseries"><a name="rzamuconfigiseries"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure iSeries A as a Certificate Authority</h1>
<div><div class="section"><ol><li>In a Web browser, type <samp class="codeph">http://iseriesa:2001</samp>. This
launches the iSeries™ Task Page, which gives you access to the Digital Certificate Manager (DCM) interface.</li>
<li>Log on with your iSeries A user profile name and password.</li>
<li>Click <span class="uicontrol">Digital Certificate Manager</span>.</li>
<li>From the left navigation pane, select <span class="uicontrol">Create a Certificate
Authority (CA)</span>.</li>
<li>On the Create a Certificate Authority (CA) page, fill in the following
required fields with the information from the DCM planning work sheet: <ul><li><span class="uicontrol">Key size:</span> 1024</li>
<li><span class="uicontrol">Certificate store password: </span> secret</li>
<li><span class="uicontrol">Confirm password:</span> secret <div class="important"><span class="importanttitle">Important:</span> All
passwords that are used in this scenario are for example purposes only. Do
not use these passwords in any actual configuration.</div>
</li>
<li><span class="uicontrol">Certificate Authority name:</span> mycoca</li>
<li><span class="uicontrol">Organizational name: </span>MyCo, Inc</li>
<li><span class="uicontrol">State or province: </span>min</li>
<li><span class="uicontrol">Country or region: </span>us</li>
<li><span class="uicontrol">Validity period of Certificate Authority (2-7300):</span> 1095</li>
</ul>
</li>
<li>Click <span class="uicontrol">Continue</span>.</li>
<li>On the <span class="uicontrol">Install Local CA certificate</span> page, click <span class="uicontrol">Continue</span>.</li>
<li>On the <span class="uicontrol">Certificate Authority (CA) Policy Data</span> page,
select the following options: <ul><li><span class="uicontrol">Allow creation of user certificates:</span> Yes</li>
<li><span class="uicontrol">Validity period of certificates that are issued by this Certificate
Authority (1-2000):</span> 365</li>
</ul>
</li>
<li>On the Policy Data Accepted page, read the messages that are displayed
and click <span class="uicontrol">Continue</span> to create the default server certificate
store (*SYSTEM) and a server certificate signed by your Certificate Authority
(CA). Read the confirmation message and click <span class="uicontrol">Continue</span>.</li>
<li>On the Create a Server or Client Certificate page, enter the following
information: <ul><li><span class="uicontrol">Key size:</span> 1024</li>
<li><span class="uicontrol">Certificate label:</span> mycocert</li>
<li><span class="uicontrol">Certificate store password: </span>secret </li>
<li><span class="uicontrol">Confirm password:</span> secret <div class="important"><span class="importanttitle">Important:</span> All
passwords that are used in this scenario are for example purposes only. Do
not use these passwords in any actual configuration.</div>
</li>
<li><span class="uicontrol">Common name:</span> mycocert</li>
<li><span class="uicontrol">Organizational name:</span> myco</li>
<li><span class="uicontrol">State or province:</span> min</li>
<li><span class="uicontrol">Country or region:</span> us</li>
<li><span class="uicontrol">IP version 4 address:</span> 192.168.1.2 <div class="note"><span class="notetitle">Note:</span> IP addresses
used in this scenario are for example purposes only. They do not reflect
an IP addressing scheme and should not be used in any actual configuration.
Use your own IP addresses when completing these tasks.</div>
</li>
<li><span class="uicontrol">Fully qualified domain name:</span> iseriesa.myco.min.com</li>
<li><span class="uicontrol">E-mail address:</span> adminstrator@myco.min.com</li>
</ul>
</li>
<li>Click <span class="uicontrol">Continue</span>. </li>
<li>On the Select Application page, click <span class="uicontrol">Continue</span>.
<div class="tip"><span class="tiptitle">Tip:</span> The VPN New Connection wizard automatically
assigns the certificate you just created to the i5/OS™ VPN Key Manager application. If you
have other applications that might use this certificate, you can select them
on this page. Because this scenario only uses certificates for VPN connections,
there is no need to select any additional applications.</div>
</li>
<li>On the Application Status page, read the messages that are displayed and
click <span class="uicontrol">Cancel</span>. This accepts the changes that you created. <div class="note"><span class="notetitle">Note:</span> If
you want to create a certificate store to contain certificates that are used
to sign objects, select <span class="uicontrol">Continue</span>.</div>
</li>
<li>When the DCM interface is refreshed, select <span class="uicontrol">Select a Certificate
Store</span>.</li>
<li>On the Select a Certificate Store page, select <span class="uicontrol">*SYSTEM</span>.
Click <span class="uicontrol">Continue</span>.</li>
<li>On the Certificate Store and Password page, enter <samp class="codeph">secret</samp>.
Click <span class="uicontrol">Continue</span>.</li>
<li>In the left navigation frame, select <span class="uicontrol">Manage Applications</span>.</li>
<li>On the Manage Applications page, select <span class="uicontrol">Define CA trust list</span>.
Click <span class="uicontrol">Continue</span>.</li>
<li>On the Define CA Trust List page, select <span class="uicontrol">Server</span>.
Click <span class="uicontrol">Continue</span>.</li>
<li>Select <span class="uicontrol">i5/OS VPN Key Manager</span>. Click <span class="uicontrol">Define
CA Trust List</span>.</li>
<li>On the Define CA Trust List page, select <span class="uicontrol">LOCAL_CERTIFICATE_AUTHORITY</span>.
Click <span class="uicontrol">OK</span>.</li>
</ol>
</div>
</div>
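The hierarchy these steps produce, rebuilt with OpenSSL as an added example (not IBM code and not part of the DCM procedure), so the worksheet values can be checked outside DCM: the server certificate must chain to the local CA and match the planned IP address and host name, and the key-size check reports that the scenario's 1024-bit keys fall under the 2048-bit floor now commonly required. The function names, and the mapping of the IP address and fully qualified domain name fields to subjectAltName entries, are assumptions.

```sh
# Added example, not IBM code: rebuild the scenario's CA and server certificate in a scratch dir.
set -eu

# build_pki DIR BITS: CA "mycoca" (1095 days) and server cert "mycocert" (365 days).
build_pki() {
    dir=$1 bits=$2
    # Assumption: the IP address and FQDN fields become subjectAltName entries.
    cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
[srv_ext]
subjectAltName = IP:192.168.1.2,DNS:iseriesa.myco.min.com
EOF
    openssl req -x509 -config "$dir/pki.cnf" -extensions ca_ext -sha256 \
        -newkey "rsa:$bits" -nodes -days 1095 \
        -subj "/C=us/ST=min/O=MyCo, Inc/CN=mycoca" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -config "$dir/pki.cnf" -newkey "rsa:$bits" -nodes \
        -subj "/C=us/ST=min/O=myco/CN=mycocert" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/pki.cnf" \
        -extensions srv_ext -out "$dir/srv.pem" 2>/dev/null
}

# chain_ok DIR: server cert chains to the CA and carries the planned identities.
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" -verify_ip 192.168.1.2 \
        -verify_hostname iseriesa.myco.min.com "$1/srv.pem" >/dev/null 2>&1
}

# key_bits FILE: public key size of a certificate, in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# key_ok FILE: succeeds only for keys of 2048 bits or more.
key_ok() { [ "$(key_bits "$1")" -ge 2048 ]; }

# Constructed run with the scenario's key size; pass another size as $1.
work=$(mktemp -d)
build_pki "$work" "${1:-1024}"
chain_ok "$work" && echo "chain and identities: ok"
key_ok "$work/srv.pem" || echo "key is $(key_bits "$work/srv.pem") bits: under 2048"
rm -rf "$work"
```

Certificates exported from DCM in PEM form can be passed to `key_bits` and `openssl verify` in the same way.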
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamudcmsteps.htm">Set up Certificate Authority with Digital Certificate Manager</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamustartibmhttpserver.htm">Start IBM HTTP Server for iSeries on iSeries A</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamucreateserver.htm">Create server certificate for iSeries B</a></div>
</div>
</div>
</body>
</html>