Register

Forgot Password

Site FAQ

Home > IT Answers > AS/400 > PKCS#7 certificate

I5Cert

45 pts.

PKCS#7 certificate

PKCS#7, iSeries Certificates, RTVQRYF, *QRYDFN, V6R1, V5R4

Hi,

We have a PKCS#7 certificate(webservice) needs to installed in i5. Could you please provide me the steps for installation. we have done it in windows but now we need to do the same in i5.
in windows it was simple which we just copied. but not sure how it works in i5.
Please suggest.

Software/Hardware used:
i5

ASKED: Oct 13 2009 9:41 AM GMT

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

RELATED QUESTIONS

Littlepd

500 pts.

RATE THIS ANSWER

0
Click to Vote:

First, start the HTTP Administration server on your i.
1. Start Operations Navigator
2. Open Network > Servers > TCPIP
3. Select "HTTP Administration" (It's at or near the bottom of the list)
4. Click the Start button

Once the server has started,
Open Internet Explorer and enter http://your.i5.ip.address:2001/
Login to the i5/OS Tasks manager
Click on Digital Certificate Manager
Select a Certificate Store, click Continue and enter the store password
Expand the Fast Path menu on the left
Click on Work with CA Certificates
Check if your CA is listed and enabled. I believe yours is from RSA?
If not listed, click on Import at the bottom to add
Enable the CA then Validate

Last Answered: Oct 14 2009 3:34 PM GMT by Littlepd

500 pts.

Latest Contributors: Whatis23

4040 pts.

View History

RSS - Discussions Help

Discuss This Answer:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

I5Cert 45 pts. | Oct 14 2009 4:57AM GMT

thanks for your reply.
i tried to enter the below one, but i dont see anything (network error)
<a href="http://3.101.208.98:2001/" title="http://3.101.208.98:2001/" target="_blank">http://3.101.208.98:2001/</a> (ip is a sample one)
i just got only a network error.
Please suggest how to proceed on this?

Many Thanks

Whatis23 4040 pts. | Oct 14 2009 3:43PM GMT

Are you sure 3.101.208.98 is your iSeries IP Address?

Whatis23 4040 pts. | Oct 14 2009 4:36PM GMT

Verify your IP, enter WRKTCPSTS *IFC
If 3.101.208.98 is your iSeries IP Address (your sample), check if the QHTTPSVR subsystem and appropriate ADMIN jobs are active. If not, start as noted above.

I5Cert 45 pts. | Oct 15 2009 9:24AM GMT

Thanks for your reply. the ip address which i mentioned here is different from the actual one. one more question. do we need any license to be installed for this? if yes please let me know which one.

thanks

Whatis23 4040 pts. | Oct 15 2009 7:26PM GMT

I believe it is part of the OS.
Type GO LICPGM, option 10 to view. You should see this:

5722SS1 Digital Certificate Manager

I5Cert 45 pts. | Oct 16 2009 8:01AM GMT

Thanks for your help. Will try it and let you know incase if we face any issues.

I5Cert 45 pts. | Oct 16 2009 1:07PM GMT

sorry for bothering you one more time.

Started http server.

Once the server has started,
Opened Internet Explorer and entered <a href="http://your.i5.ip.address:2001/" title="http://your.i5.ip.address:2001/" target="_blank">http://your.i5.ip.address:2001/</a>
Logged in to the i5/OS Tasks manager
Clicked on Digital Certificate Manager

Question on this step:
—- Select a Certificate Store, click Continue and enter the store password –

Certificate type: Server or client
Example certificate store file name: /MYDIRECTORY/MYFILE.KDB
Certificate store path and filename: /FACT/abc.cer
Certificate store password: password

copied the cerficate into IFS and gave the path in certificate storepath and filename.
But i get the following error “Invalid WEBDB data is encountered”

Could you please suggest?

Whatis23 4040 pts. | Oct 16 2009 9:13PM GMT

Try this:
At “Select a Certificate Store ” select the default *SYSTEM
Click Continue
enter store password, continue
Expand Fast Path
Select “Work with server and client certificates”
You will see all current certificates on your iSeries
Click in Import
At import file, enter the IFS path name to the .CRT you submitted to the CA(ex: RSA or DigiCert). I believe you should have received 3 .CRTs. One will be TrustedRoot.CRT, Two will have the provider’s name.CRT, Three is the one you want to import, the name submitted for the cert.

Ask a Question

Browse IT Answers by Topic

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map