*>I'd rather have something that allows you to supply a certificate and
have it automatically import the CA chain into a certificate store.*

What do we gain by using IBM's cert store? Wouldn't we rather have the
SSLCertificate* Apache directives and use openssl (PASE command) to
quickly/easily take care of business?


Btw, IBM was very responsive and provided the following links for
automating SSL DCM related tasks. I haven't (yet) dug deep enough to learn
which, and what order, the APIs need to be called. Might take some sweat,
but at least it is possible.

1) Native IBM i JSSE provider description.
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzaha/rzahajssenative16.htm?lang=en

2) Some keystore utility methods for IBM JDK
http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.api.doc/keycertmgmt/com/ibm/security/keystoreutil/KeyStoreUtil.html?cp=SSYKE2_7.0.0%2F7-22-6-4&lang=en

3) DCM native APIs.
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/apis/secex1.htm


Aaron Bartell

On Mon, Aug 10, 2015 at 2:26 PM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

I'd rather have something that allows you to supply a certificate and have
it automatically import the CA chain into a certificate store.

That is what I would put as #1 or #2 on the want list for SSL.

Brad
www.bvstools.com

On Mon, Aug 10, 2015 at 12:32 PM, Nathan Andelin <nandelin@xxxxxxxxx>
wrote:


You can easily make the config files and instances... but linking

certificates to server applications via anything but the DCM is
futile.


That has been a problem for me too. I would like IBM to provide a
solution
that would enable "linking" certificates to HTTP server instances via
automated procedures.


Btw, I am going to bring this to IBM's attention.


Thanks for that.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.