RE: setting up SSL on CGIDEV website -- MIDRANGE-L

For your purposes, I would say yes. There are multiple formats in use for certificate files, but DCM should be able to read the .crt files you got. You may need to do some extra work, though. Having used a PC program to create the request, you will likely need to get the private key onto the IBM i along with the CLIENTS.XETXW.COM.crt and any CA files required for the trust chain. I have only used DCM with self-signed certificates created on the system, so I can't say exactly what it will need. The requirements and logic are cross platform, though - you need a private key to decrypt the server key. Without that requirement, anyone would be able to use your certificate and pretend to be your site.
--
Sean Porterfield
________________________________________
From: midrange-l-bounces@xxxxxxxxxxxx [midrange-l-bounces@xxxxxxxxxxxx] on behalf of tim.dclinc@xxxxxxxxx [tim.dclinc@xxxxxxxxx]
Sent: Sunday, December 15, 2013 00:15
To: Midrange Systems Technical Discussion
Subject: Re: setting up SSL on CGIDEV website

I have a question regarding certificate files i generated and received.

i used an ibm pc program "create new key and certificate request to
generate a list of files:

certreq.arm
key.kdb
key.rdb

these files where given to network solutions by our networking guy. They
provided the following files back:

AddTrustExternalCARoot.crt
CLIENTS.XETXW.COM.crt
NetworkSolutions_CA.crt
UTNAddTrustServer_CA.crt

I read your documentation, but dont see any reference to .crt files. I
do see a reference to .cer files. Are they the same?

Thanks in advance.

the network guy provided me with a bunch of files ending in .crt.
On 12/13/2013 5:47 PM, Bradley Stone wrote:

DCM is the Digital Certificate Manager.

I have a section in my SSL documentation on how to work with it:

http://docs.bvstools.com/home/ssl-documentation

Im sure there are many IBM resources available as well.

On Fri, Dec 13, 2013 at 3:09 PM, tim.dclinc@xxxxxxxxx
<tim.dclinc@xxxxxxxxx>wrote:

thanks for the reply. Can you point me to where i can find out how to
access and use DCM? Never have.

On 12/13/2013 1:18 PM, Bradley Stone wrote:

In a nutshell...

1. Create a Certificate Request (server type) using DCM
2. Go to the site to get an SSL certificate and give them the request.
3. Using DCM, import the certificate (server type) into your *SYSTEM

store.

4. Create an application ID in DCM and assign the certificate to it.
5. Modify your HTTP config files to use the application ID and tell it

to

listen on the port you want to use (Default SSL is 443)

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen xx.xx.xx.xx:443

<VirtualHost xx.xx.xx.xx:443>
SSLAppName APPID
SSLEngine On
SSLCacheDisable
</VirtualHost>

On Fri, Dec 13, 2013 at 8:28 AM, tim.dclinc@xxxxxxxxx
<tim.dclinc@xxxxxxxxx>wrote:

our iseries is hosting CGIDEV http website. We now need to set up SSL.
Does anyone have any documentation on this?

Thanks.
--

________________________________

This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.