There are 2 .crt files to install one appears to be the Certificate
for the CA and the other is the certificate for our domain.



I don't recall having to deal with 2 .crt files from a trusted authority. I think you only need the 1 for your domain. Use DCM to import that into the IBM i local *System store and assigned it to the IBM i HTTP server instance you're using.

or

To become more familiar with how the IBM i DCM works, you might find it helpful to delete all defined CAs and Stores. Go back to square 1, just to become familiar with the tools. Then create your local CA. Then create your local *System store. Then create a new certificate in that store. Then assign that certificate to your HTTP server instance. Repeat the process of deleting and creating as many times as it takes to become familiar with the tools.

Beginning from scratch and playing with the tools may not be possible if you're already using IBM i SSL for Telnet, FTP, or other applications. But it is a helpful exercise.

You don't need a certificate from a "trusted authority" to use SSL. Just issue your own certificates. When browsers try to connect using SSL they will get a warning that your site is not trusted, but provide an option for continuing, regardless.

You can avoid the browser warning by "exporting" your certificate from DCM to the IFS. Then use your browser to "import" it as a "trusted" source.

Get used to issuing your own certificates, first. You can worry about certs from a "trusted" authority down the road. The "trusted" authority business is a real racket. Rarely can a business get away with making so much money by providing so little service.

-Nathan


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.