1.  Home
  2. MIDRANGE-L
  3. August 2007

Re: Create Self Signed Single Level Certificate on i5

Scott,
You are correct that the IBM support rep indicated that DCM could not not do what I wanted.
How would I do this with openssl or the PASE?

Thanks,

Jeff Young
Sr. Programmer Analyst
IBM -e(logo) server Certified Systems Exper - iSeries Technical Solutions V5R2
IBM Certified Specialist- e(logo) server i5Series Technical Solutions Designer V5R3
IBM Certified Specialist- e(logo)server i5Series Technical Solutions Implementer V5R3









----- Original Message ----
From: Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Sent: Tuesday, August 28, 2007 4:27:51 PM
Subject: Re: Create Self Signed Single Level Certificate on i5


Hi Jeff,

I have a client that needs to create a Single Level Self Signed
Certificate on the i5 for communicating with an FTP SSL host. The
host system requires a single certificate that contains the
Certificate Authority and Client Application.

Interesting. Why do they care whether it's single-level or not? Seems
like a strange requirement.

After speaking with IBM support, I was informed that the i5 can not
do this.

That's not exactly true. I may be picking nits with your phrasing,
here, but... The Digital Certificate Manager in i5/OS cannot do what
you ask. However, it's not the i5 itself, but the DCM that has this
limitation.

You could create the certificate on an i5 using OpenSSL.

So it's not a limitation with the i5 -- it's a limitation with a
particular software package, the digital certificate manager.
Unfortunately, since pretty much all software for i5/OS is based on the
DCM, this puts you in a bit of a bind.

Here's what I don't know: If you generate a self-signed single level
certificate via OpenSSL and import it into the DCM, will standard i5/OS
applications (which are based on the DCM) work? Or do you have to use
an OpenSSL-based application for it to work?

In other words, is the limitation only related to generating
certificates, or does it apply to using existing certificates as well?

If all else fails, you could probably do the whole she-bang in PASE, and
bypass the DCM.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.