Create a TLS-SSL DCM Application
Published: 2024-10-14
An SSL Application in the IBM i DCM is used to assign certificates and to specify ciphers and encryption algorithms. The HTTP server then uses these settings when negotiating the SSL tunnel with a remote SSL server or client for a request.
Create the SSL Application
Warning
A user profile with *IOSYSCFG authority is required for these setup tasks.
To begin, verify that the *ADMIN HTTP server job is running with the following command:
WRKSBSJOB SBS(QHTTPSVR)
If you don’t see *ADMIN in the list, please run the following command to start it:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
After you’ve ensured that the *ADMIN server is running, open a web browser (Microsoft Edge or Chrome is recommended), and go to http://[youribmiserver]:2001/HTTPAdmin - you should see a login page as seen below:
From the landing page, select (if not already selected) the "related links" tab, which will bring up the page below:
Now, click the “Digital Certificate Manager” link. You may be prompted to log in again - if you are, enter your IBM i username and password. It is recommended to log into the Digital Certificate Manager with a profile that has elevated authority.
After you are logged in, click on the “Open Certificate Store” button on the far left of the page. Then, select the *SYSTEM store button in the main section, and press the “Continue” button. If you do not see *SYSTEM, you will need to go set up SSL on your IBM i.
It will then prompt you for your *SYSTEM store password. Enter your password and select the “Continue” button.
Note
If you do not remember the password, you can simply select “Reset Password” - you will be allowed to reset the password without knowing the previous password.
Next, select “Manage Applications Definitions” from the header menu, and then select "Create".
Select "Server" or "Client". The following screen will appear:
Now enter a suitable name for the application, then select the Application description field and provide an applicable description (consult your networking/infrastructure staff for an appropriate name):
Warning
Please copy or make a note of the application ID (not description) used. This Application ID is a mandatory value when enabling an HTTP server for HTTPS!
All other options can be left at their defaults, in which case they take the values defined as the system defaults.
Warning
Please confirm with your security/infrastructure administrators that the default system values are OK to use, or set them here as appropriate.
Scroll down to the bottom and select "Create".
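The system defaults mentioned in the warning above can be reviewed before they are relied on. The following Python script is an added example, not part of the original page or of IBM's tooling: it flags weak entries in protocol and cipher lists pasted from DSPSYSVAL SYSVAL(QSSLPCL) and DSPSYSVAL SYSVAL(QSSLCSL). It assumes those two system values are the defaults in question; the sample values, the accepted protocol set and the weak-cipher markers are constructed for illustration and should be aligned with your own policy.

```python
import re

# Assumption: policy accepts only TLS 1.2 and TLS 1.3 (names as shown in QSSLPCL).
ACCEPTED_PROTOCOLS = {"*TLSV1.2", "*TLSV1.3"}
# Assumption: substrings marking a cipher specification as weak; "3DES" is
# listed before "DES" so triple-DES entries are reported under their own name.
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC2", "RC4", "3DES", "DES", "MD5")

# Constructed sample values, as they might be pasted from the DSPSYSVAL displays.
SAMPLE_QSSLPCL = "*TLSV1.3 *TLSV1.2 *TLSV1.1 *TLSV1"
SAMPLE_QSSLCSL = """*AES_128_GCM_SHA256
*ECDHE_RSA_AES_128_GCM_SHA256
*RSA_AES_128_CBC_SHA
*RSA_3DES_EDE_CBC_SHA
*RSA_RC4_128_SHA"""


def split_values(raw):
    """Split a blank-, newline- or comma-separated listing into upper-case names."""
    return [v.upper() for v in re.split(r"[\s,]+", raw.strip()) if v]


def audit_defaults(protocols_raw, ciphers_raw):
    """Return (kind, value, reason) findings for the pasted protocol and cipher lists."""
    findings = []
    for proto in split_values(protocols_raw):
        if proto == "*OPSYS":
            # The effective list depends on the OS release; it must be checked there.
            findings.append(("info", proto, "protocols follow the OS release default"))
        elif proto not in ACCEPTED_PROTOCOLS:
            findings.append(("weak-protocol", proto, "not TLS 1.2 or TLS 1.3"))
    for cipher in split_values(ciphers_raw):
        marker = next((m for m in WEAK_CIPHER_MARKERS if m in cipher), None)
        if marker:
            findings.append(("weak-cipher", cipher, f"contains {marker}"))
    return findings


if __name__ == "__main__":
    for kind, value, reason in audit_defaults(SAMPLE_QSSLPCL, SAMPLE_QSSLCSL):
        print(f"{kind:14} {value:28} {reason}")
```

An empty result means nothing in the pasted lists matched the weak markers; it does not replace the review by your security/infrastructure administrators.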
Update Certificate Assignment
Next, a certificate from the system store must be assigned to the Application you have created above.
From the list of applications on the screen, navigate to the application you have just created.
When you have found the required application, select the "+" plus sign to expand the options:
Select the "Assign Certificates" option.
Select the certificate(s) to assign to the application from the list, and then select the "Assign" link at the bottom.
From here you should receive this message: