In order to enroll for a certificate you must generate a Certificate Signing Request (CSR) for your IBM AS 400 iSeries you must generate your CSR from the system you plan on running the certificate. Like all certificates you must first create a CSR public/private key pair. These two items are unique and cannot be separated. The CSR you will give to the CA for signing and the private key will rest left on the system where the CSR was generated.
To generate a CSR on a IBM AS 400 iSeries system perform the following.
Step 1: Generating your CSR:
- Start Digital Certificate Manager (DCM).
- In the navigation pane, select Create New Certificate Store
Note: For renewal, select Select a Certificate Store > Manage Certificates > Renew Certificate > select certificate you want to renew > Renew - Select *SYSTEM as your certificate store
- Click Continue.
- Select Yes to create a certificate as part of creating the *SYSTEM certificate store.
- Click Continue.
- Select VeriSign or other Internet Certificate Authority (CA).
- Click Continue.
- On the form pop up display specify the following information:
- New certificate label: Specify a Unique name for this CSR keypair.
- Key Size: From the drop down menu select 2048 bits.
Note: If you do not have the option to select anything greater than 2048 bits it means your system is out of date and you will have to contact IBM for a patch update or a solution. - Common Name (CN): The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- After filling out the form click Continue.
- A confirmation page displays the certificate request data that you must provide to the public Certificate Authority (CA) that will issue your certificate
Copy and paste the entire CSR data into a notepad file and save it. When enrolling for your SSL Certificate you will copy and paste the entire CSR data into your enrollment form.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
IBM Support
For more information refer to IBM.
For IBM AS 400 iSeries installation instructions click here.