Completing planning work sheets

 

The following planning work sheets demonstrate the information that you need to gather and the decisions you need to make to prepare the digital certificate implementation that this scenario describes. To ensure a successful implementation, you need to be able to answer Yes to all prerequisite items and you need to have gathered all the information requested before you perform any configuration tasks.

Table 1. Certificate implementation prerequisite planning work sheet
Prerequisite work sheet Answers
Is youri5/OS® V5R4 (5722-SS1)? Yes
Is option 34 of i5/OS installed on your system? Yes
Is the IBM® HTTP Server for i5/OS (5722–DG1) installed on your system and Administrative server instance started? Yes
Is TCP configured for your system so that you can use a Web browser and the HTTP Server Administrative server instance to access DCM? Yes
Do you have *SECADM and *ALLOBJ special authorities? Yes

You need to gather the following information about your digital certificate implementation to perform the necessary configuration tasks to complete the implementation:

Table 2. Certificate implementation configuration planning work sheet
Planning work sheet for System A Answers
Will you operate your own local CA or obtain certificates for your application from a public CA? Create local CA to issue certificates
Does System A host the applications that you want to enable for SSL? Yes
What distinguished name information will you use for the local CA?

  • Key size: determines strength of cryptographic keys for certificate.

  • Certificate Authority (CA) name: identifies the CA and becomes the common name for the CA certificate and the Issuer DN for certificates that the CA issues.

  • Organization unit: identifies the organizational section or area for the application that will use this certificate.

  • Organization name: identifies your company or divisional section for the application that will use this certificate.

  • Locality or city: identifies your city or a locality designation for your organization.

  • State or province: identifies the state or province in which you will use this certificate.

  • Country or region: identifies, with a two-letter designation, the country or region in which you will use this certificate.

  • Validity period of Certificate Authority: specifies the number of days for which the Certificate Authority certificate is valid
Key size: 1024Certificate Authority (CA) name: Myco_CA@myco.comOrganization unit: Rate deptOrganization name: mycoLocality or city: Any_cityState or province: AnyCountry or region: ZZValidity period of Certificate Authority: 1095
Do you want to set the policy data for the local CA to allow it to issue user certificates for client authentication? Yes
What distinguished name information will you use for the server certificate that the local CA issues?

  • Key size: determines strength of cryptographic keys for certificate.

  • Certificate label: identifies the certificate with a unique string of characters.

  • Common name: identifies the owner of the certificate, such as a person, entity, or application; part of the Subject DN for the certificate.

  • Organization unit: identifies the organizational section or area for the application that will use this certificate.

  • Organization name: identifies your company or divisional section for the application that will use this certificate.

  • Locality or city: identifies your city or a locality designation for your organization.

  • State or province: identifies the state or province in which you will use this certificate.

  • Country or region: identifies, with a two-letter designation, the country or region in which you will use this certificate.
Key size: 1024Certificate label: Myco_public_certCommon name: myco_rate_server@myco.comOrganization unit: Rate deptOrganization name: mycoLocality or city: Any_cityState or province: AnyCountry or region: ZZ
What is the DCM application ID for the application that you want to configure to use SSL? mcyo_agent_rate_app
Will you configure the SSL-enabled application to use certificates for client authentication? If yes, which CAs do you want to add to the application's CA trust list? YesMyco_CA@myco.com

 

Parent topic:

Scenario: Using certificates for internal authentication
Next topic: Configuring the human resources HTTP Server to use SSL