Digital Certificate Manager (DCM)
The Digital Certificate Manager (DCM) enables you to manage digital certificates and to use them in secure applications on the iSeries™ server. With Digital Certificate Manager, we can request and process digital certificates from Certification Authorities (CAs) or other third-parties. We can also act as a local Certification Authority to create and manage digital certificates for your users.
DCM also supports using CRLs to provide a stronger certificate and application validation process. We can use DCM to define the location where a specific Certificate Authority CRL resides on an LDAP server so that WebSphere MQ can verify that a specific certificate has not been revoked.
On i5/OS V5R1, DCM supports and can automatically detect certificates in the following formats: Base64, PKCS #7, PKCS #12 V1 and V3 (new in V5R1) and the C3 encoded standard. C3 is an IBM internal format, used when importing from, or exporting to, iSeries systems with i5/OS V4R3. When DCM detects a PKCS #12 encoded certificate, or a PKCS #7 certificate that contains encrypted data, it automatically prompts the user to enter the password that was used to encrypt the certificate. DCM does not prompt for PKCS #7 certificates that do not contain encrypted data.
DCM provides a browser-based user interface that we can use to manage digital certificates for your applications and users. The user interface is divided into two main frames: a navigation frame and a task frame.
You use the navigation frame to select the tasks to manage certificates or the applications that use them. Some individual tasks appear directly in the main navigation frame, but most tasks in the navigation frame are organized into categories. For example, Manage Certificates is a task category that contains a variety of individual guided tasks, such as View certificate, Renew certificate, Import certificate. If an item in the navigation frame is a category that contains more than one task, an arrow appears to the left of it. The arrow indicates that when you select the category link, an expanded list of tasks displays, enabling you to choose which task to perform.
For important information about DCM, see the following IBM Redbooks™:
- IBM iSeries Wired Network Security: OS/400 V5R1 DCM and Cryptographic Enhancements, SG24-6168. Specifically, see the appendices for essential information on setting up your AS/400 or iSeries system as a local CA.
- AS/400 Internet Security: Developing a Digital Certificate Infrastructure, SG24-5659. Specifically, see “Chapter 5. Digital Certificate Manager for AS/400”, which explains the AS/400 DCM.
Parent topic:
Working with the Secure Sockets Layer (SSL) on i5/OS
sy11920_