Requesting a certificate from the local CA

 

In earlier steps, you configured the human resources Web server to require certificates for user authentication. Now users must present a valid certificate from the local CA before they are allowed to access the Web server. Each user must use Digital Certificate Manager (DCM) to obtain a certificate by using the Create Certificate task. In order to obtain a certificate from the local CA, the local CA policy must allow the CA to issue user certificates.

Each user (Clients B, C, and D) must complete these steps to obtain a certificate:

  1. Start DCM. Refer to Starting DCM.

  2. In the navigation frame, select Create Certificate.

  3. Select User certificate as the type of certificate to create. A form displays so that you can provide identifying information for the certificate.

  4. Complete the form and click Continue.

    If you have questions about how to complete a specific form in this guided task, select the question mark (?) at the top of the page to access the online help.

  5. At this point, DCM works with your browser to create the private and public key for the certificate. Your browser may display windows to guide you through this process. Follow the browser's instructions for these tasks. After the browser generates the keys, a confirmation page displays to indicate that DCM created the certificate.

  6. Install the new certificate in your browser software. Your browser may display windows to guide you through this process. Follow the instructions that the browser gives to complete this task.

  7. Click OK to finish the task.

During processing, the Digital Certificate Manager automatically associates the certificate with your System i™ user profile.

With these tasks complete, only authorized users with a valid certificate can access data from the human resources Web server and that data is protected during transmission by SSL.

 

Parent topic:

Scenario: Using certificates for internal authentication
Previous topic: Installing a copy of the local CA certificate in a browser