Re: Create Self Signed Single Level Certificate on i5 -- MIDRANGE-L

Hi Jeff,

I have a client that needs to create a Single Level Self Signed Certificate on the i5 for communicating with an FTP SSL host. The host system requires a single certificate that contains the Certificate Authority and Client Application.

Interesting. Why do they care whether it's single-level or not? Seems
like a strange requirement.

After speaking with IBM support, I was informed that the i5 can not
do this.

That's not exactly true. I may be picking nits with your phrasing, here, but... The Digital Certificate Manager in i5/OS cannot do what you ask. However, it's not the i5 itself, but the DCM that has this limitation.

You could create the certificate on an i5 using OpenSSL.

So it's not a limitation with the i5 -- it's a limitation with a particular software package, the digital certificate manager. Unfortunately, since pretty much all software for i5/OS is based on the DCM, this puts you in a bit of a bind.

Here's what I don't know: If you generate a self-signed single level certificate via OpenSSL and import it into the DCM, will standard i5/OS applications (which are based on the DCM) work? Or do you have to use an OpenSSL-based application for it to work?

In other words, is the limitation only related to generating certificates, or does it apply to using existing certificates as well?

If all else fails, you could probably do the whole she-bang in PASE, and bypass the DCM.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.