Difference between revisions of "Add external CA to trust list"

When using the i2Rest Client to access external https resources, you might meet error "Certificate is not signed by a trusted certificate authority". In this case you will have to add the root CA certificate of the target server to the list of trusted certificates in DCM.

Here is one of ways to get the server's root CA certificate and register it in the DCM trust list.

DCM requires root CA certificate in PEM format. If you already have such file, you have to save it to IBM i directory and can go to step 8.

Using Firefox:

1. Open required page in Firefox:

400px

2. Click Lock icon and click Show connection details

400px

3. Click More information:

400px

4. View Certificate:

400px

5. Open rightmost tab with root CA authority:

400px

6. Scroll down and click on link Download PEM (Cert), save downloaded file:

400px

7. Copy downloaded file to your IBM i folder, for example to /tmp/www-google-com.pem

8. Close opened page and go to DCM *SYSTEM store

9. Go to Manage Certificates and click Import Certificate:

400px

10. Select Certificate Authority (CA) and press Continue:

400px

11. Enter path to downloaded chain file (at IBM i) and click Continue:

400px

12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name):

400px

13. Press Continue:

400px

Certificate imported.