Create CA certificates for testing
The CA certificates that are provided when you install SSL are signed by the issuing CA. On i5/OS, you can generate a local Certification Authority that can sign server certificates for testing SSL communications on your system.
The instructions in this section assume that a local CA does not already exist. If a local CA does exist, go straight to Requesting a server certificate.
Use the following procedure in Internet Explorer to create a local CA certificate to sign certificate requests:
- Access the DCM interface, as described in Accessing DCM.
- In the navigation panel, click Create a Certificate Authority. The Create a Certificate Authority page displays in the task frame.
- Type a password in the Certificate store password field and type it again in the Confirm password field.
- Type a name in the Certificate Authority (CA) name field, for example SSL Test Certification Authority.
- Type a Common Name and Organization, and select a Country. For the remaining optional fields, type the values you require.
- Type a validity period for the local CA in the Validity period field. The default value is 1095 days.
- Click Continue. The CA is created, and DCM creates a certificate store and a CA certificate for your local CA.
- Click Install certificate. The download manager dialog box displays.
- Type the full path name for the temporary file in which you want to store the CA certificate and click Save.
- When the download is complete, click Open. The Certificate window displays.
- Click Install certificate. The Certificate Import Wizard displays.
- Click Next.
- Type the full path name of the temporary file in which you stored the CA certificate, or click Browse to find the temporary file.
- Click Next.
- Select the Automatically select the certificate store based on the type of certificate check box.
- Click Next.
- Click Finish. A confirmation window appears.
- Click OK.
- Click OK in the Certificate window.
- Click Continue. The Certificate Authority Policy page displays in the task frame.
- In the Allow creation of user certificates field, select the Yes radio button.
- In the Validity period field, type the validity period of certificates that are issued by your local CA. The default value is 365 days.
- Click Continue. The Create a Certificate in New Certificate Store page displays in the task frame.
- Ensure none of the applications are selected.
- Click Continue to complete the setup of the local CA.
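The following PowerShell script is an added example, not part of the original procedure or IBM code. It inspects the CA certificate file saved from DCM and, once the Certificate Import Wizard has finished, confirms which Windows store now holds it. The file path, the one-day tolerance on the validity period and the use of Windows PowerShell 5.1 or later are assumptions.

```powershell
# Added example: check the local CA certificate downloaded from DCM.
param(
    # Placeholder: the temporary file named in the Save step.
    [string]$Path = 'C:\Temp\localca.cer',
    # Validity period typed for the local CA (the page's default is 1095 days).
    [int]$ExpectedDays = 1095
)
$ErrorActionPreference = 'Stop'

# .NET resolves relative paths against the process directory, so resolve first.
$file = (Resolve-Path -LiteralPath $Path).ProviderPath
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

# A local CA root is self-issued: subject and issuer names are identical.
$selfIssued = $cert.Subject -eq $cert.Issuer

# Basic constraints (OID 2.5.29.19) state whether the certificate may sign others.
$isCa = $null
$ext = $cert.Extensions['2.5.29.19']
if ($ext) {
    $bc = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($ext, $ext.Critical)
    $isCa = $bc.CertificateAuthority
}

# Validity in whole days, compared with the value typed in DCM.
# Assumption: a difference of up to one day is treated as a match.
$days = [int][math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays)

# After the wizard finishes, the same thumbprint should appear in a Root store.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root' |
    Where-Object { Test-Path "$_\$($cert.Thumbprint)" }

[pscustomobject]@{
    Subject      = $cert.Subject
    SelfIssued   = $selfIssued
    IsCA         = $isCa      # $null means no basic constraints extension is present
    ValidityDays = $days
    MatchesTyped = [math]::Abs($days - $ExpectedDays) -le 1
    NotAfter     = $cert.NotAfter
    Thumbprint   = $cert.Thumbprint
    InstalledIn  = $stores -join ', '
} | Format-List
```

A CA held in a Root store is trusted for any server name, so delete the entry with this thumbprint once SSL testing is finished.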
When you make certificate requests to the local CA, as described in Requesting a server certificate, the signed certificates can be exported and imported in PKCS #12 format into certificate stores to test SSL.