Difference between revisions of "Add external CA to trust list"
Pavel.lobko (talk | contribs) |
Pavel.lobko (talk | contribs) |
||
| Line 11: | Line 11: | ||
1. Open required page in Firefox: | 1. Open required page in Firefox: | ||
| − | |||
[[Add_external_CA_to_trust_list_step1.png|400px]] | [[Add_external_CA_to_trust_list_step1.png|400px]] | ||
2. Click Lock icon and click Show connection details | 2. Click Lock icon and click Show connection details | ||
| − | |||
[[Add_external_CA_to_trust_list_step2.png|400px]] | [[Add_external_CA_to_trust_list_step2.png|400px]] | ||
3. Click More information: | 3. Click More information: | ||
| − | |||
[[Add_external_CA_to_trust_list_step3.png|400px]] | [[Add_external_CA_to_trust_list_step3.png|400px]] | ||
4. View Certificate: | 4. View Certificate: | ||
| − | |||
[[Add_external_CA_to_trust_list_step4.png|400px]] | [[Add_external_CA_to_trust_list_step4.png|400px]] | ||
5. Open rightmost tab with root CA authority: | 5. Open rightmost tab with root CA authority: | ||
| − | |||
[[Add_external_CA_to_trust_list_step5.png|400px]] | [[Add_external_CA_to_trust_list_step5.png|400px]] | ||
6. Scroll down and click on link Download PEM (Cert), save downloaded file: | 6. Scroll down and click on link Download PEM (Cert), save downloaded file: | ||
| − | |||
[[Add_external_CA_to_trust_list_step6.png|400px]] | [[Add_external_CA_to_trust_list_step6.png|400px]] | ||
| Line 45: | Line 39: | ||
9. Go to Manage Certificates and click Import Certificate: | 9. Go to Manage Certificates and click Import Certificate: | ||
| − | + | [[Add_external_CA_to_trust_list_step9.png|400px]] | |
10. Select Certificate Authority (CA) and press Continue: | 10. Select Certificate Authority (CA) and press Continue: | ||
| − | + | [[Add_external_CA_to_trust_list_step10.png|400px]] | |
11. Enter path to downloaded chain file (at IBM i) and click Continue: | 11. Enter path to downloaded chain file (at IBM i) and click Continue: | ||
| − | |||
[[Add_external_CA_to_trust_list_step11.png|400px]] | [[Add_external_CA_to_trust_list_step11.png|400px]] | ||
12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name): | 12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name): | ||
| − | |||
[[Add_external_CA_to_trust_list_step12.png|400px]] | [[Add_external_CA_to_trust_list_step12.png|400px]] | ||
13. Press Continue: | 13. Press Continue: | ||
| − | |||
[[Add_external_CA_to_trust_list_step13.png|400px]] | [[Add_external_CA_to_trust_list_step13.png|400px]] | ||
Certificate imported. | Certificate imported. | ||
Revision as of 14:57, 13 April 2020
When using the i2Rest Client to access external https resources, you might meet error "Certificate is not signed by a trusted certificate authority". In this case you will have to add the root CA certificate of the target server to the list of trusted certificates in DCM.
Here is one of ways to get the server's root CA certificate and register it in the DCM trust list.
DCM requires root CA certificate in PEM format. If you already have such file, you have to save it to IBM i directory and can go to step 8.
Using Firefox:
1. Open required page in Firefox:
2. Click Lock icon and click Show connection details
3. Click More information:
4. View Certificate:
5. Open rightmost tab with root CA authority:
6. Scroll down and click on link Download PEM (Cert), save downloaded file:
7. Copy downloaded file to your IBM i folder, for example to /tmp/www-google-com.pem
8. Close opened page and go to DCM *SYSTEM store
9. Go to Manage Certificates and click Import Certificate:
10. Select Certificate Authority (CA) and press Continue:
11. Enter path to downloaded chain file (at IBM i) and click Continue:
12. Enter certificate label for imported CA (up to you, don't have to be the same as CA common name):
13. Press Continue:
Certificate imported.
