Versions Compared

Version Old Version 2 New Version Current
Changes made by

Aaron Fistler

Aaron Fistler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Secure HTTPS traffic for the BRMS web interface requires a digital certificate. A digital certificate provides two functions:

...

Expand
titleCreating the *SYSTEM certificate store

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. Click on Create Certificate Store on the left-hand navigation menu

  4. On the right-hand side of the page select *SYSTEM.

Image Modified
Info

Note: If the *SYSTEM option is not available in the list, it indicates that there is a *SYSTEM store already created on this system, and these steps have already been performed.

  1. Create a password for the *SYSTEM store and click Create.

Info

Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts.

Procedure

After the *SYSTEM certificate store is created, the procedure consists of the following steps:

...

Expand
titleCreating the Local Certificate Authority

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. Click on Create Certificate Store on the left-hand navigation menu.

  4. On the right-hand side of the page select Local CA.

    Image Modified
Info

Note: If the Local CA option is not available in the list, it indicates that there is already a local certificate authority on this system, and these steps have already been performed.

  1. Create a password for the Local CA store and click Create.

Info

Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts.

Result

The *SYSTEM certificate store is created on the node.

Expand
titleCreating a Certificate Authority (CA) Certificate

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. In the left-hand menu, select Local CA

    Image Modified

  4. If Local CA is not in the left-hand menu, open it by doing the following:

    1. Select Open Certificate Store.

    2. Enter the password for the local certificate authority, and click open.

    3. The Local CA will now automatically be selected in the left-hand menu.

  5. Under Certificate Authority (CA) Certificates, create one if one does not exist by selecting Create.

  6. Fill n the required fields. At a minimum:

    1. Common name: Provide a unique common name for this. For example: MyCompany MySystem CA

    2. Organization Name: Provide the name of your company

    3. State or Province: Provide the state or province of the system

    4. Country or Region: Provide the two character country code

      Image AddedImage Modified

  7. Click Create.

Result

The CA Certificate is created on the node.

Expand
titleCreating a Self-Signed Certificate

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. In the left-hand menu, select the *SYSTEM certificate store.

    Image Modified

  4. If the *SYSTEM certificate store is not in the left-hand menu, open the certificate store:

    1. Select Open Certificate Store in the left-hand menu.

    2. Select *SYSTEM on the right-hand side of the screen.

      Image Modified

    3. Enter the password for the *SYSTEM certificate store.

    4. Click Open.

  5. Under certificates on the right-hand side, select Create.

    Image Modified

  6. For type, select Local CA

  7. Fill in the required fields. At a minimum:

    1. Label: Provide a unique common name for this. For example: MyCompany MySystem BRMS Web Interface

    2. Organization Name: Provide the name of your company

    3. State or Province: Provide the state or province of the system

    4. Country or Region: Provide the two character country code

  8. Click Create.

Result

The self-signed certificate is created on the node.

1.b Importing a Trusted Certificate

...

Expand
titleAssigning the Certificate to the BRMS Webserver

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. In the left-hand menu, select the *SYSTEM certificate store.

    Image Modified

  4. If the *SYSTEM certificate store is not in the left-hand menu, open the certificate store:

    1. Select Open Certificate Store in the left-hand menu.

    2. Select *SYSTEM on the right-hand side of the screen.

      Image Modified

    3. Enter the password for the *SYSTEM certificate store.

    4. Click Open.

  5. Select Manage Application Definitions.

    Image Modified

  6. Image Removed

  7. Image Removed

  8. Search for QIBM_QBRM_WEB.

  9. Click on the + symbol at the lower-right of the QIBM_QBRM_WEB box.

  10. Click on Assign Certificates.

  11. Click the box for the certificate you wish to assign, and click Assign.

3. Enabling the secure HTTPS server

...