Completing planning work sheets
The following planning work sheets demonstrate the information that you need to gather and the decisions you need to make to prepare the digital certificate implementation that this scenario describes. To ensure a successful implementation, you need to be able to answer Yes to all prerequisite items and you need to have gathered all the information requested before you perform any configuration tasks.
Table 1. Certificate implementation prerequisite planning work sheet Prerequisite work sheet Answers Is your i5/OS® V5R42 (5722-SS1)? Yes Is option 34 of i5/OS installed on your system? Yes Is the IBM® HTTP Server for i5/OS (5722–DG1) installed on your system and Administrative server instance started? Yes Is TCP configured for your system so that you can use a Web browser and the HTTP Server Administrative server instance to access DCM? Yes Do you have *SECADM and *ALLOBJ special authorities? Yes You need to gather the following information about your digital certificate implementation to perform the necessary configuration tasks to complete the implementation:
Table 2. Certificate implementation configuration planning work sheet Planning work sheet for System A Answers Will you operate your own local CA or obtain certificates for your application from a public CA? Obtain certificate from public CA Does System A host the applications that you want to enable for SSL? Yes What distinguished name information will you use for the certificate signing request (CSR) that you use DCM to create?
- Key size: determines strength of cryptographic keys for certificate.
- Certificate label: identifies the certificate with a unique string of characters.
- Common name: identifies the owner of the certificate, such as a person, entity, or application; part of the Subject DN for the certificate.
- Organization unit: identifies the organizational section or area for the application that will use this certificate.
- Organization name: identifies your company or divisional section for the application that will use this certificate.
- Locality or city: identifies your city or a locality designation for your organization.
- State or province: identifies the state or province in which you will use this certificate.
- Country or region: identifies, with a two-letter designation, the country or region in which you will use this certificate.
Key size: 1024Certificate label: Myco_public_certCommon name: myco_rate_server@myco.comOrganization unit: Rate deptOrganization name: mycoLocality or city: Any_cityState or province: AnyCountry or region: ZZ What is the DCM application ID for the application that you want to configure to use SSL? mcyo_agent_rate_app Will you configure the SSL-enabled application to use certificates for client authentication? If yes, which CAs do you want to add to the application's CA trust list? No
Parent topic:
Scenario: Using certificates for external authenticationNext topic: Creating a server or client certificate request