SSL Requirements
To use System SSL, ensure that you have configured Digital Certificate Manager (Option 34) and IBM HTTP Server (5761DG1).
Digital Certificate Manager
The Digital Certificate Manager (DCM) centralizes the management and use of certificates within certificate stores on an IBM i system. It provides the functionality to create a local Certificate Authority (CA) that can be used to issue client certificates. The DCM can also be used to import certificates obtained from other sources, such as the sample certificates shipped with the TIBCO EMS Client for IBM i.
For details on how to obtain a copy of the private CA certificate from the DCM, see the "Digital Certificate Manager" section in the IBM iSeries Information Center.
IBM HTTP Server
The HTTP *ADMIN instance can be used to administer the DCM using a web browser. To administer the DCM, a user profile with *ALLOBJ and *SECADM special authority is required.
For more information on how to start the HTTP *ADMIN instance and administer the DCM, see the IBM documentation for the Digital Certificate Manager.
Special Authority
Applications that use the TIBCO EMS Client for IBM i and SSL must have read access to a certificate store. The application either has to be run with a user profile that has *ALLOBJ special authority, or the user profile is given *RX data authority to the certificate store using the CHGAUT command.
You can find the path and file name for the object used with the CHGAUT command when using the web browser interface to the DCM and selecting the certificate store to open.