Difference between revisions of "Add external CA to trust list"
Pavel.lobko (talk | contribs) (Created page with "When using the i2Rest Client to access external https resources, you might meet error "Certificate is not signed by a trusted certificate authority". In this case you will hav...") |
Pavel.lobko (talk | contribs) |
||
| Line 1: | Line 1: | ||
| + | {{DISPLAYTITLE:Add external CA to trust list}} | ||
| + | |||
When using the i2Rest Client to access external https resources, you might meet error "Certificate is not signed by a trusted certificate authority". In this case you will have to add the root CA certificate of the target server to the list of trusted certificates in DCM. | When using the i2Rest Client to access external https resources, you might meet error "Certificate is not signed by a trusted certificate authority". In this case you will have to add the root CA certificate of the target server to the list of trusted certificates in DCM. | ||
| Line 10: | Line 12: | ||
[[attachment:Google - Mozilla Firefox 24.03.2020 12_42_43.png|{{attachment:Google - Mozilla Firefox 24.03.2020 12_42_43.png||width=400}}]] | [[attachment:Google - Mozilla Firefox 24.03.2020 12_42_43.png|{{attachment:Google - Mozilla Firefox 24.03.2020 12_42_43.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step1.png|400px]] | ||
2. Click Lock icon and click Show connection details | 2. Click Lock icon and click Show connection details | ||
[[attachment:Google keys.PNG|{{attachment:Google keys.PNG||width=400}}]] | [[attachment:Google keys.PNG|{{attachment:Google keys.PNG||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step2.png|400px]] | ||
3. Click More information: | 3. Click More information: | ||
[[attachment:Page Info - https___www.google.com_ 24.03.2020 12_51_50.png|{{attachment:Page Info - https___www.google.com_ 24.03.2020 12_51_50.png||width=400}}]] | [[attachment:Page Info - https___www.google.com_ 24.03.2020 12_51_50.png|{{attachment:Page Info - https___www.google.com_ 24.03.2020 12_51_50.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step3.png|400px]] | ||
4. View Certificate: | 4. View Certificate: | ||
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 12_53_43.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 12_53_43.png||width=400}}]] | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 12_53_43.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 12_53_43.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step4.png|400px]] | ||
5. Open rightmost tab with root CA authority: | 5. Open rightmost tab with root CA authority: | ||
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_56_33.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_56_33.png||width=400}}]] | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_56_33.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_56_33.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step5.png|400px]] | ||
6. Scroll down and click on link Download PEM (Cert), save downloaded file: | 6. Scroll down and click on link Download PEM (Cert), save downloaded file: | ||
[[attachment:Save PEM cert.PNG|{{attachment:Save PEM cert.PNG||width=400}}]] | [[attachment:Save PEM cert.PNG|{{attachment:Save PEM cert.PNG||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step6.png|400px]] | ||
7. Copy downloaded file to your IBM i folder, for example to /tmp/www-google-com.pem | 7. Copy downloaded file to your IBM i folder, for example to /tmp/www-google-com.pem | ||
| Line 37: | Line 45: | ||
9. Go to Manage Certificates and click Import Certificate: | 9. Go to Manage Certificates and click Import Certificate: | ||
| − | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_05_59.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_05_59.png||width=400}}]] | + | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_05_59.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_05_59.png||width=400}}]][[Add_external_CA_to_trust_list_step9.png|400px]] |
10. Select Certificate Authority (CA) and press Continue: | 10. Select Certificate Authority (CA) and press Continue: | ||
| − | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_28_05.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_28_05.png||width=400}}]] | + | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_28_05.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_28_05.png||width=400}}]][[Add_external_CA_to_trust_list_step10.png|400px]] |
11. Enter path to downloaded chain file (at IBM i) and click Continue: | 11. Enter path to downloaded chain file (at IBM i) and click Continue: | ||
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_16_57.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_16_57.png||width=400}}]] | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_16_57.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_16_57.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step11.png|400px]] | ||
12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name): | 12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name): | ||
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_19_51.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_19_51.png||width=400}}]] | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_19_51.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 13_19_51.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step12.png|400px]] | ||
13. Press Continue: | 13. Press Continue: | ||
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 14_01_56.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 14_01_56.png||width=400}}]] | [[attachment:about_certificate - Mozilla Firefox 24.03.2020 14_01_56.png|{{attachment:about_certificate - Mozilla Firefox 24.03.2020 14_01_56.png||width=400}}]] | ||
| + | [[Add_external_CA_to_trust_list_step13.png|400px]] | ||
Certificate imported. | Certificate imported. | ||
Revision as of 14:54, 13 April 2020
When using the i2Rest Client to access external https resources, you might meet error "Certificate is not signed by a trusted certificate authority". In this case you will have to add the root CA certificate of the target server to the list of trusted certificates in DCM.
Here is one of ways to get the server's root CA certificate and register it in the DCM trust list.
DCM requires root CA certificate in PEM format. If you already have such file, you have to save it to IBM i directory and can go to step 8.
Using Firefox:
1. Open required page in Firefox:
[[attachment:Google - Mozilla Firefox 24.03.2020 12_42_43.png|Template:Attachment:Google - Mozilla Firefox 24.03.2020 12 42 43.png]] 400px
2. Click Lock icon and click Show connection details
[[attachment:Google keys.PNG|Template:Attachment:Google keys.PNG]] 400px
3. Click More information:
[[attachment:Page Info - https___www.google.com_ 24.03.2020 12_51_50.png|Template:Attachment:Page Info - https www.google.com 24.03.2020 12 51 50.png]] 400px
4. View Certificate:
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 12_53_43.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 12 53 43.png]] 400px
5. Open rightmost tab with root CA authority:
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_56_33.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 13 56 33.png]] 400px
6. Scroll down and click on link Download PEM (Cert), save downloaded file:
[[attachment:Save PEM cert.PNG|Template:Attachment:Save PEM cert.PNG]] 400px
7. Copy downloaded file to your IBM i folder, for example to /tmp/www-google-com.pem
8. Close opened page and go to DCM *SYSTEM store
9. Go to Manage Certificates and click Import Certificate:
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_05_59.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 13 05 59.png]]400px
10. Select Certificate Authority (CA) and press Continue:
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_28_05.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 13 28 05.png]]400px
11. Enter path to downloaded chain file (at IBM i) and click Continue:
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_16_57.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 13 16 57.png]] 400px
12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name):
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 13_19_51.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 13 19 51.png]] 400px
13. Press Continue:
[[attachment:about_certificate - Mozilla Firefox 24.03.2020 14_01_56.png|Template:Attachment:about certificate - Mozilla Firefox 24.03.2020 14 01 56.png]] 400px
Certificate imported.
