Importing Sample Certificates

Before configuring SSL, you have to import the sample certificates.

You can find the files to be imported in the EMI_HOME/sample/certs directory:
  • Sample CA Certificate Files:

    server_root.cert.pem

    client_root.cert.pem

  • Sample PKCS12 File:

    client_identity.p12

The certificates in these files can be imported using the Digital Certificate Manager (DCM). They are compatible with the sample certificates shipped with EMS for platforms other than IBM i.

EMS Client for IBM i uses the CA certificate from server_root.cert.pem to authenticate the server certificate that the TIBCO EMS server offers as identification during the SSL handshake.

Note:

To successfully import the file client_identity.p12 as a client certificate, the client_root.cert.pem must first be imported as a CA certificate.

Procedure

  1. Connect to the DCM browser interface.
    Use a web browser to connect to the *ADMIN instance of the IBM HTTP Server. Navigate to Digital Certificate Manager as documented in IBM i Security Digital Certificate Manager, Configuring DCM, Starting Digital Certificate Manager.
    You can usually use this URL to directly access the Digital Certificate Manager:
    http://system_name:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0
  2. Create a new certificate store.
    In Digital Certificate Manager, click Create New Certificate Store, select Other System Certificate Store, and click Continue.
  3. Select Do not create a certificate in the certificate store and click Continue.
  4. Enter a full path for the sample certificate store of /QIBM/USERDATA/ICSS/CERT/SERVER/TIBEMSSMP.KDB and use the string "password" as the password.
  5. Confirm that the sample certificate store was created.
    Click OK.
  6. In Digital Certificate Manager, click Select a Certificate Store.
  7. Select the Other System Certificate Store and click Continue.
  8. Enter the path and password for the sample certificate store that you created in step 4, and click Continue.
  9. In the left-hand navigation pane, click Fast Path, and then click Work with CA certificates.

    The CA certificates and their status are displayed.

  10. Click Import.
    The Import Certificate Authority (CA) Certificate page is displayed.
  11. On the Import Certificate Authority (CA) Certificate page, import the EMI_HOME/sample/certs/server_root.cert.pem file, and specify TIBCO_EMS850_SERVER_ROOT as the CA certificate label.
  12. On the Import Certificate Authority (CA) Certificate page, import the EMI_HOME/sample/certs/client_root.cert.pem file, and specify TIBCO_EMS850_CLIENT_ROOT as the CA certificate label.
  13. In the left-hand navigation pane, click Fast Path, and then click Work with server and client certificates.
  14. Click Import.
    The Work with Server and Client Certificates page is displayed.
  15. On the Work with Server and Client Certificates page, import the EMI_HOME/sample/certs/client_identity.p12 file. Use "password" as the encryption password for this file. Specify TIBCO_EMS850_CLIENT_IDENTITY as the certificate label.
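
A pre-import check of the files named above, as an added example that is not part of the TIBCO or IBM documentation. It assumes the openssl command line is available on a workstation holding copies of the files, and it assumes the Note's ordering requirement exists because the client identity is issued by the client root. The function names are hypothetical, and the fixture builds throwaway stand-ins rather than the real sample files.

```shell
#!/bin/sh
# Added example, not TIBCO or IBM code. Assumes the openssl CLI is installed.

# verify_sample_certs DIR [P12_PASSWORD]  (hypothetical helper)
# Returns 0 only if both CA files parse as X.509 certificates and the client
# certificate inside client_identity.p12 was issued by client_root.cert.pem.
verify_sample_certs() {
    dir=$1
    pass=${2:-password}    # "password" is the value given in step 15
    for f in server_root.cert.pem client_root.cert.pem; do
        openssl x509 -in "$dir/$f" -noout 2>/dev/null ||
            { echo "unreadable CA file: $f" >&2; return 2; }
    done
    tmp=$(mktemp) || return 3
    # Extract only the client certificate; the private key stays in the .p12.
    if ! openssl pkcs12 -in "$dir/client_identity.p12" -passin "pass:$pass" \
            -nokeys -clcerts -out "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "cannot read client_identity.p12" >&2
        return 4
    fi
    # Assumption: the Note's import order is needed because the identity
    # chains to this root, so verify exactly that relationship.
    rc=0
    openssl verify -CAfile "$dir/client_root.cert.pem" "$tmp" >/dev/null 2>&1 || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && return 0
    echo "client identity was not issued by client_root.cert.pem" >&2
    return 5
}

# make_constructed_fixture DIR  (hypothetical helper)
# Builds throwaway, constructed stand-ins that use the page's file names.
make_constructed_fixture() {
    d=$1
    for ca in server client; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca root" -keyout "$d/${ca}_root.key.pem" \
            -out "$d/${ca}_root.cert.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed client" \
        -keyout "$d/client.key.pem" -out "$d/client.csr.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr.pem" -days 1 -CAcreateserial \
        -CA "$d/client_root.cert.pem" -CAkey "$d/client_root.key.pem" \
        -out "$d/client.cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/client.key.pem" -in "$d/client.cert.pem" \
        -passout pass:password -out "$d/client_identity.p12" 2>/dev/null
}
```

Call verify_sample_certs with the directory that holds the three files. If a PKCS12 file uses older encryption algorithms, OpenSSL 3 may need the -legacy option of the pkcs12 command to read it.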