IBM i Global

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

By following the previous resolutions, and by completely restarting iACS, I can now do the connection verify and pass with flying colors

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

Dear Robert

DId you assign the same client/server certificate to these IBM i services that you want ?   If so, I found out long ago that just putting a root certificate into *SYSTEM store is enough.  All IBM i services seems to use it by default. Navigator for i is not a service in there, so you still need to take the action as you did from the Technote.

By following the previous resolutions, and by completely restarting iACS, I can now do the connection verify and pass with flying colors

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

What does "putting a root certificate into *SYSTEM store" mean?

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 10:26 PM
From: Satid Singkorapoom
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

Dear Robert

DId you assign the same client/server certificate to these IBM i services that you want ?   If so, I found out long ago that just putting a root certificate into *SYSTEM store is enough.  All IBM i services seems to use it by default. Navigator for i is not a service in there, so you still need to take the action as you did from the Technote.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Tue September 26, 2023 10:47 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

By following the previous resolutions, and by completely restarting iACS, I can now do the connection verify and pass with flying colors

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 08:14 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

------------------------------
Robert Berendt IBMChampion
------------------------------

If you use a root certificate from another computer system or party, you import it into *SYSTEM store.  If you create a self-signed certificate in IBM i Local CA store of the server that run those services, you create a client/server certificate into *SYSTEM store based on the root one from Local CA store.  And then you specify it as the default certificate. Thereafter, all IBM i services with no explicit assignment of any certificate will use this default one.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Wed September 27, 2023 08:01 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

What does "putting a root certificate into *SYSTEM store" mean?

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 10:26 PM
From: Satid Singkorapoom
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

Dear Robert

DId you assign the same client/server certificate to these IBM i services that you want ?   If so, I found out long ago that just putting a root certificate into *SYSTEM store is enough.  All IBM i services seems to use it by default. Navigator for i is not a service in there, so you still need to take the action as you did from the Technote.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Tue September 26, 2023 10:47 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

By following the previous resolutions, and by completely restarting iACS, I can now do the connection verify and pass with flying colors

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 08:14 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

------------------------------
Robert Berendt IBMChampion
------------------------------

I am using a cert from Digicert.  If I do not "assign" it to each service necessary then that verification screen fails.

If you use a root certificate from another computer system or party, you import it into *SYSTEM store.  If you create a self-signed certificate in IBM i Local CA store of the server that run those services, you create a client/server certificate into *SYSTEM store based on the root one from Local CA store.  And then you specify it as the default certificate. Thereafter, all IBM i services with no explicit assignment of any certificate will use this default one.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Wed September 27, 2023 08:01 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

What does "putting a root certificate into *SYSTEM store" mean?

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 10:26 PM
From: Satid Singkorapoom
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

Dear Robert

DId you assign the same client/server certificate to these IBM i services that you want ?   If so, I found out long ago that just putting a root certificate into *SYSTEM store is enough.  All IBM i services seems to use it by default. Navigator for i is not a service in there, so you still need to take the action as you did from the Technote.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Tue September 26, 2023 10:47 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

By following the previous resolutions, and by completely restarting iACS, I can now do the connection verify and pass with flying colors

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 08:14 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

------------------------------
Robert Berendt IBMChampion
------------------------------

If you cannot see an option "Set AS Default" for that Digicert certificate (click + sign for that certificate you see in IBM i DCM), then it is a root certificate.  But if it comes as an intermediate certificate (called client/server certificate in IBM i DCM), you will see this alternative way of setting it as a default one to avoid repetitive assignment to multiple services of your interest.  

I am using a cert from Digicert.  If I do not "assign" it to each service necessary then that verification screen fails.

If you use a root certificate from another computer system or party, you import it into *SYSTEM store.  If you create a self-signed certificate in IBM i Local CA store of the server that run those services, you create a client/server certificate into *SYSTEM store based on the root one from Local CA store.  And then you specify it as the default certificate. Thereafter, all IBM i services with no explicit assignment of any certificate will use this default one.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Wed September 27, 2023 08:01 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

What does "putting a root certificate into *SYSTEM store" mean?

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 10:26 PM
From: Satid Singkorapoom
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

Dear Robert

DId you assign the same client/server certificate to these IBM i services that you want ?   If so, I found out long ago that just putting a root certificate into *SYSTEM store is enough.  All IBM i services seems to use it by default. Navigator for i is not a service in there, so you still need to take the action as you did from the Technote.

------------------------------
Chance favors only the prepared mind.
-- Louis Pasteur
------------------------------
Satid S.

Original Message:
Sent: Tue September 26, 2023 10:47 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

By following the previous resolutions, and by completely restarting iACS, I can now do the connection verify and pass with flying colors

------------------------------
Robert Berendt IBMChampion

Original Message:
Sent: Tue September 26, 2023 08:14 AM
From: Robert Berendt
Subject: Assigning certificates via DCM for various IBM i Access Client Solutions services

I am trying to apply a certificate to the various IBM i Access Client Solutions services.  I do not want to just apply the cert to all services.  When I turn on SSL for one lpar I must be missing a few services as I am getting:

I've got most of these figured out:

------------------------------
Robert Berendt IBMChampion
------------------------------