URL :- https://github.com/RitFori/RitFori

I have just published an Open Source repository in Github called RitFori/RitFori to help with automating the creation and renewal of TLS certificates. Currently, there is no native IBM i ACME Service, to my knowledge. So, I thought I'd create one, with the help of Rowton IT.

RitFori will set up your new user for ssh and place your first certificate request into a JKS (Java Key Store) which will then be used for the RSE APIs (Remote System Explorer API). Using RSE APIs RitFori can create and renew your certificates into the IBM i DCM (Digital Certificate Manager). Your first certificate can also be used for your application, as the certificate is loaded into the JKS and the DCM separately.

It has been tested on V7.4 and V7.5. Currently it does not work on V7.6, it appears to require the intermediate Certificates E7 and E8 in order to install the Acme software. I will address this soon.

I have used Cloudflare for the domain API token. I hope that other companies with domain services will have the same token format.

There are a couple of places in the one time setup, where manual intervention is currently required. I'm hoping that IBM will cover these sometime in the future, they have been added to IBM i Ideas.

I hope that, if you are interested, you will have a look and suggest improvements, report problems or collaborate.