Digital Certificate Manager (DCM)
Use the DCM to manage digital certificates and private keys on IBM i.
The Digital Certificate Manager (DCM) enables you to manage digital certificates and to use them in secure applications on the IBM i server. With Digital Certificate Manager, you can request and process digital certificates from Certificate Authorities (CAs) or other third parties. You can also act as a local Certificate Authority to create and manage digital certificates for your users.
DCM also supports using Certificate Revocation Lists (CRLs) to provide a stronger certificate and application validation process. You can use DCM to define the location where a specific Certificate Authority CRL resides on an LDAP server so that IBM MQ can verify that a specific certificate has not been revoked.
DCM supports and can automatically detect certificates in a variety of formats. When DCM detects a PKCS #12 encoded certificate, or a PKCS #7 certificate that contains encrypted data, it automatically prompts the user to enter the password that was used to encrypt the certificate. DCM does not prompt for PKCS #7 certificates that do not contain encrypted data.
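An added example (not IBM's code, and not a description of how DCM is implemented): a minimal DER check that sorts a file into the cases the paragraph above distinguishes. Treating the envelopedData, signedAndEnvelopedData and encryptedData content types as "contains encrypted data" is an assumption, and the function names and sample bytes are constructed for illustration.

```python
# Added example. DER input only (decode PEM/base64 first); sample bytes are constructed.
PKCS7_PREFIX = bytes.fromhex("2a864886f70d0107")      # OID 1.2.840.113549.1.7.*
PKCS7_TYPES = {1: "data", 2: "signedData", 3: "envelopedData",
               4: "signedAndEnvelopedData", 5: "digestedData", 6: "encryptedData"}
ENCRYPTED = {"envelopedData", "signedAndEnvelopedData", "encryptedData"}  # assumption

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify(der):
    """Return (format, password_expected) for a DER-encoded container."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, value, _ = read_tlv(body)
    if tag == 0x02 and value == b"\x03":               # PFX begins with INTEGER version 3
        return ("PKCS #12", True)
    if tag == 0x06 and len(value) == 9 and value[:8] == PKCS7_PREFIX:
        kind = PKCS7_TYPES.get(value[8])               # ContentInfo begins with contentType
        if kind:
            return ("PKCS #7 " + kind, kind in ENCRYPTED)
    return ("not PKCS #7 or PKCS #12", False)          # e.g. a bare X.509 certificate

# Constructed skeletons: only the leading fields that classify() inspects.
SAMPLE_P12 = bytes.fromhex("3010020103300b06092a864886f70d010701")
SAMPLE_P7_SIGNED = bytes.fromhex("300f06092a864886f70d010702a0023000")
SAMPLE_P7_ENCRYPTED = bytes.fromhex("300f06092a864886f70d010706a0023000")

if __name__ == "__main__":
    for name, blob in [("p12", SAMPLE_P12), ("p7 signed", SAMPLE_P7_SIGNED),
                       ("p7 encrypted", SAMPLE_P7_ENCRYPTED)]:
        print(name, classify(blob))
```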
DCM provides a browser-based user interface that you use to manage digital certificates for your applications and users. The user interface is divided into two main frames: a navigation frame and a task frame.
You use the navigation frame to select the tasks to manage certificates or the applications that use them. Some individual tasks are shown directly in the main navigation frame, but most tasks in the navigation frame are organized into categories. For example, Manage Certificates is a task category that contains various individual guided tasks, such as View certificate, Renew certificate, and Import certificate. If an item in the navigation frame is a category that contains more than one task, an arrow is displayed to the left of it. The arrow indicates that when you select the category link, an expanded list of tasks displays, enabling you to choose which task to perform.
For important information about DCM, see the following IBM Redbooks publications:
- IBM i Wired Network Security: OS/400 V5R1 DCM and Cryptographic Enhancements, SG24-6168. Specifically, see the appendixes for essential information about setting up the IBM i system as a local CA.
- AS/400 Internet Security: Developing a Digital Certificate Infrastructure, SG24-5659. Specifically, see Chapter 5. Digital Certificate Manager for AS/400, which explains the AS/400 DCM.