Add external CA to trust list


When using the i2Rest Client to access external HTTPS resources, you may encounter the error "Certificate is not signed by a trusted certificate authority". In this case, you must add the root CA certificate of the target server to the list of trusted certificates in DCM.

Here is one way to get the server's root CA certificate and register it in the DCM trust list.

DCM requires the root CA certificate in PEM format. If you already have such a file, save it to a directory on IBM i and go to step 8.

Using Firefox:

1. Open the required page in Firefox:

2. Click the lock icon, then click Show connection details:

3. Click More information:

4. Click View Certificate:

5. Open the rightmost tab, which shows the root certificate authority:

6. Scroll down, click the Download PEM (Cert) link, and save the downloaded file:

7. Copy the downloaded file to a folder on your IBM i, for example to /tmp/www-google-com.pem

8. Close the opened page and go to the DCM *SYSTEM store

9. Go to Manage Certificates and click Import Certificate:

10. Select Certificate Authority (CA) and press Continue:

11. Enter the path to the downloaded chain file (on IBM i) and click Continue:

12. Enter a certificate label for the imported CA (the label is your choice and does not have to match the CA common name):

13. Press Continue:

The certificate is now imported.
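
A certificate imported as a CA into the *SYSTEM store becomes a trust anchor, so it helps to confirm what the saved PEM file contains before step 9. The following is an added example, not part of the original i2Rest page: it uses only the Python standard library to list each certificate in the file with its SHA-256 fingerprint (to compare with the value the CA publishes) and whether issuer and subject match, as they do for a root. The function names and script name are illustrative, and the check compares names only; it does not verify the signature.

```python
import base64, hashlib, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def inspect_cert(der):
    """Fingerprint one DER certificate and compare its issuer and subject names."""
    _, cert_start, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, cert_start)     # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields[0][0] == 0xA0:                        # optional [0] version field
        fields = fields[1:]
    # Remaining order (RFC 5280): serial, signature alg, issuer, validity, subject
    issuer, subject = fields[2][1], fields[4][1]
    return {
        "sha256": hashlib.sha256(der).hexdigest(),  # compare with the CA's published value
        "self_issued": issuer == subject,           # name match only; signature not verified
    }

def inspect_pem(pem_text):
    """Return one result per CERTIFICATE block, in file order."""
    return [inspect_cert(base64.b64decode("".join(body.split())))
            for body in PEM_RE.findall(pem_text)]

if __name__ == "__main__":
    # Usage: python3 check_ca.py /tmp/www-google-com.pem   (script name is hypothetical)
    with open(sys.argv[1]) as f:
        for i, info in enumerate(inspect_pem(f.read())):
            kind = "self-issued (root candidate)" if info["self_issued"] else "NOT self-issued"
            print(i, info["sha256"], kind)
```

If the file holds more than one certificate or the entry is not self-issued, it is a leaf or intermediate rather than the root CA the procedure expects.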