Configuring System A as a certificate authority

Use this procedure to configure System A as a certificate authority (CA).

1. In a Web browser, type http://systema:2001. This launches the Task Page that allows you to access the Digital Certificate Manager (DCM) interface.

2. Log on with your System A user profile name and password.

3. Select Digital Certificate Manager.

4. From the left navigation pane, select Create a Certificate Authority (CA).

5. On the Create a Certificate Authority (CA) page, fill in the following required fields with the information from the DCM planning worksheet:

   • Key size: 1024

   • Certificate store password: secret

   • Confirm password: secret

     All passwords that are used in this scenario are for example purposes only. Do not use these passwords in any actual configuration.

   • Certificate Authority name: mycoca

   • Organization name: MyCo, Inc

   • State or province: min

   • Country or region: us

   • Validity period of Certificate Authority (2-7300): 1095

6. Click Continue.

7. On the Install Local CA certificate page, click Continue.

8. On the Certificate Authority (CA) Policy Data page, select the following options:

   • Allow creation of user certificates: Yes

   • Validity period of certificates that are issued by this Certificate Authority (1-2000): 365

9. On the Policy Data Accepted page, read the messages that are displayed and click Continue to create the default server certificate store (*SYSTEM) and a server certificate signed by your CA. Read the confirmation message and click Continue.

10. On the Create a Server or Client Certificate page, enter the following information:

    • Key size: 1024

    • Certificate label: mycocert

    • Certificate store password: secret

    • Confirm password: secret

      All passwords that are used in this scenario are for example purposes only. Do not use these passwords in any actual configuration.

    • Common name: mycocert

    • Organization name: myco

    • State or province: min

    • Country or region: us

    • IP version 4 address: 192.168.1.2

      IP addresses used in this scenario are meant for example purposes only. They do not reflect an IP addressing scheme and should not be used in any actual configuration. You should use your own IP addresses when completing these tasks.

    • Fully qualified domain name: systema.myco.min.com

    • E-mail address: administrator@myco.min.com

11. Click Continue.

12. On the Select Application page, click Continue.
    Tip: The VPN New Connection wizard automatically assigns the certificate you just created to the i5/OS^® VPN key manager application. If you have other applications that might use this certificate, you can select them on this page. Because this scenario only uses certificates for VPN connections, there is no need to select any additional applications.

13. On the Application Status page, read the messages that are displayed and click Cancel. This accepts the changes that you created.

    If you want to create a certificate store to contain certificates that are used to sign objects, select Continue.

14. When the DCM interface is refreshed, select Select a Certificate Store.

15. On the Select a Certificate Store page, select *SYSTEM. Click Continue.

16. On the Certificate Store and Password page, enter secret. Click Continue.

17. In the left navigation frame, select Manage Applications.

18. On the Manage Applications page, select Define CA trust list. Click Continue.

19. On the Define CA Trust List page, select Server. Click Continue.

20. Select i5/OS VPN Key Manager. Click Define CA Trust List.

21. On the Define CA Trust List page, select LOCAL_CERTIFICATE_AUTHORITY. Click OK.

Parent topic: