Create CA certificates for testing

 

The CA certificates that are provided when you install SSL are signed by the issuing CA. On i5/OS, you can generate a local Certification Authority (CA) that can sign server certificates for testing SSL communications on your system.

The instructions in this section assume that a local CA does not already exist. If a local CA does exist, go straight to Requesting a server certificate.

Use the following procedure in Internet Explorer to create a local CA certificate to sign certificate requests:

  1. Access the DCM interface, as described in Accessing DCM.

  2. In the navigation panel, click Create a Certificate Authority. The Create a Certificate Authority page displays in the task frame.

  3. Type a password in the Certificate store password field and type it again in the Confirm password field.

  4. Type a name in the Certificate Authority (CA) name field, for example SSL Test Certification Authority.

  5. Type a Common Name and Organization, and select a Country. For the remaining optional fields, type the values you require.

  6. Type a validity period for the local CA in the Validity period field. The default value is 1095 days.

  7. Click Continue. The CA is created, and DCM creates a certificate store and a CA certificate for your local CA.

  8. Click Install certificate. The download manager dialog box displays.

  9. Type the full path name for the temporary file in which you want to store the CA certificate and click Save.

  10. When the download is complete, click Open. The Certificate window displays.

  11. Click Install certificate. The Certificate Import Wizard displays.

  12. Click Next.

  13. Type the full path name of the temporary file in which you stored the CA certificate, or click Browse to find the temporary file.

  14. Click Next.

  15. Select the Automatically select the certificate store based on the type of certificate check box.

  16. Click Next.

  17. Click Finish. A confirmation window appears.

  18. Click OK.

  19. Click OK in the Certificate window.

  20. Click Continue. The Certificate Authority Policy page displays in the task frame.

  21. In the Allow creation of user certificates field, select the Yes radio button.

  22. In the Validity period field, type the validity period of certificates that are issued by your local CA. The default value is 365 days.

  23. Click Continue. The Create a Certificate in New Certificate Store page displays in the task frame.

  24. Ensure none of the applications are selected.

  25. Click Continue to complete the setup of the local CA.

When you make certificate requests to the local CA, as described in Requesting a server certificate, the signed certificates can be exported and imported in PKCS #12 format into certificate stores to test SSL.
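The following PowerShell check is an added example, not part of the original procedure or of DCM. It inspects the CA certificate file saved in step 9 and reports which Windows certificate stores the Certificate Import Wizard placed it in (steps 11 to 19). The file path is a placeholder, and it is assumed that the file is in a format the .NET `X509Certificate2` class can read.

```powershell
param(
    # Placeholder path: use the temporary file name you typed in step 9.
    [string]$CaFile = 'C:\Temp\local-ca.cer',
    # 1095 days is the DCM default from step 6; change it if you typed another value.
    [int]$ExpectedDays = 1095
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $CaFile

# A local CA root certificate is self-signed: subject and issuer are the same name.
$selfSigned = $cert.Subject -eq $cert.Issuer

# The Basic Constraints extension, when present, states whether this is a CA certificate.
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$isCa = [bool]($bc -and $bc.CertificateAuthority)

# Validity period in days, compared with the value from step 6.
# Assumption: a one-day tolerance allows for rounding of the start and end times.
$days = [int][math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays)
$periodOk = [math]::Abs($days - $ExpectedDays) -le 1

# Search every user and machine store for a certificate with the same thumbprint.
$stores = Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Thumbprint -eq $cert.Thumbprint
    } |
    ForEach-Object { $_.PSParentPath -replace '^.*::', '' } |
    Sort-Object -Unique

[pscustomobject]@{
    Subject        = $cert.Subject
    Thumbprint     = $cert.Thumbprint
    SelfSigned     = $selfSigned
    IsCA           = $isCa
    ValidityDays   = $days
    MatchesStep6   = $periodOk
    NotAfter       = $cert.NotAfter
    InstalledIn    = $stores -join ', '
} | Format-List
```

A certificate in a Root store is trusted to sign any server certificate for that user or machine, so record the thumbprint and remove the test CA from the store when SSL testing is finished.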

 
