Creating a certificate store on IBM i

If we do not want to use the default certificate store, follow this procedure to create your own.


About this task

Create a new certificate store only if we do not want to use the IBM® i default certificate store.

To specify that the IBM i system certificate store is to be used, change the value of the queue manager's SSLKEYR attribute to *SYSTEM. This value indicates that the queue manager uses the system certificate store, and the queue manager is registered for use as an application with Digital Certificate Manager (DCM).


Procedure

  1. Access the DCM interface, as described in Accessing DCM
  2. In the navigation panel, click Create New Certificate Store. The Create New Certificate Store page is displayed in the task frame.
  3. In the task frame, select Other System Certificate Store and click Continue. The Create a Certificate in New Certificate Store page is displayed in the task frame.
  4. Select No - Do not create a certificate in the certificate store and click Continue. The Certificate Store Name and Password page is displayed in the task frame.
  5. In the Certificate store path and filename field, type an IFS path and file name, for example /QIBM/UserData/mqm/qmgrs/qm1/key.kdb
  6. Type a password in the Password field and type it again in the Confirm Password field. Click Continue. Make a note of the password (which is case sensitive) because you need it when you stash the repository key.
  7. To exit from DCM, close your browser window.


What to do next

When we have created the certificate store using DCM, ensure you stash the password, as described in Stashing the certificate store password on IBM i systems