Accessing CRLs and ARLs on IBM i
Use this procedure to access CRLs or ARLs on IBM i.
Note that in this section, information about Certificate Revocation Lists (CRLs) also applies to Authority Revocation Lists (ARLs).
Follow these steps to set up a CRL location for a specific certificate on IBM i:- Access the DCM interface, as described in Accessing DCM.
- In the Manage CRL locations task category in the navigation panel, click Add CRL location. The Manage CRL Locations page is displayed in the task frame.
- In the CRL Location Name field, type a CRL location name, for example LDAP Server #1
- In the LDAP Server field, type the LDAP server name.
- In the Use Secure Sockets Layer (SSL) field, select Yes if we want to connect to the LDAP server using TLS. Otherwise, select No.
- In the Port Number field, type a port number for the LDAP server, for example 389.
- If your LDAP server does not allow anonymous users to query the directory, type a login distinguished name for the server in the login distinguished name field.
- Click OK. DCM informs you that it has created the CRL location.
- In the navigation panel, click Select a Certificate Store. The Select a Certificate Store page is displayed in the task frame.
- Select the Other System Certificate Store check box and click Continue. The Certificate Store and Password page is displayed.
- In the Certificate store path and filename field, type the IFS path and file name you set when Create a certificate store on IBM i.
- Type a password in the Certificate Store Password field. Click Continue. The Current Certificate Store page is displayed in the task frame.
- In the Manage Certificates task category in the navigation panel, click Update CRL location assignment. The CRL Location Assignment page is displayed in the task frame.
- Select the radio button for the CA certificate to which we want to assign the CRL location. Click Update CRL Location Assignment. The Update CRL Location Assignment page is displayed in the task frame.
- Select the radio button for the CRL location which we want to assign to the certificate. Click Update Assignment. DCM informs you that it has updated the assignment.
Note that DCM allows you to assign a different LDAP server by Certificate Authority. Parent topic: Accessing CRLs and ARLs with a queue manager