This document is a checklist to run through when setting up DCM (Digital Certificate Manager) for the following: -
Ensure the Digital Certificate Manager service is started by checking that the QHTTPSVR subsystem is active and a specific set of ADMIN* jobs are running based on the operating system version that you have installed. If QHTTPSVR is not running, run command:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
When the DCM service is running and the QHTTPSVRADMIN*jobs are active, use a web browser to access the DCM management portal and check that the *SYSTEM certificate store exists. Use the following URL to access the DCM portal (where iseries-system-name is the name of your iSeries):-
You will be presented with the following screen. Click on "Select a Certificate Store":-
The screen should now show the *SYSTEM Certificate Store.
If the *SYSTEM store does not exist, you can create it using the following IBM link:
Ensure that the files DEFAULT.KDB and DEFAULT.RDB exist in the directory: /QIBM/UserData/ICSS/Cert/Server
and that the Halcyon monitoring profile (QSYSOPR in our examples) has full authority to them.
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server') USER(QSYSOPR) DTAAUT(*RWX) OBJAUT(*ALL)
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB') USER(QSYSOPR) DTAAUT(*RW) OBJAUT(*ALL)
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB') USER(QSYSOPR) DTAAUT(*RW) OBJAUT(*ALL)
Still have questions? We can help. Submit a case to Technical Support.