Configuring IBM System i servers for secure connection

Follow the steps below to configure a CustomizedCAs keyring:
  1. Ensure that java is installed in the system.
  2. Open a unix/AIX-based command line. For example, QSHELL or IBM I PASE shell.
  3. Navigate to the Z and I Emulator for Web publish folder in the Z and I Emulator for Web installation directory. Generally, it is /QHCL/ProdData/ZIEForWeb/ZIEWeb/.
  4. Enter the command
    java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs connect myServer.raleigh.hcl.com:702
    . This command can take a few minutes to complete. If you are asked for a password, type zieweb and press Enter.
  5. Select the certificate number that corresponds to the Certificate Authority (CA) that you want to add to the keyring. Be sure to add the CA certificate and not the site certificate. If the port is not responding, refer to Configuring IBM i 7.1 servers for secure connection.
  6. Repeat steps 3 to 5 for each target server.
To view the contents of the CustomizedCAs keyring, perform the following steps:
  1. Ensure that java is installed in the system.
  2. Open a linux-based shell, for example, QSHELL or IBM i PASE shell.
  3. Navigate to the Z and I Emulator for Web publish folder in the Z and I Emulator for Web installation directory. Generally, it is /QHCL/ProdData/ZIEForWeb/ZIEWeb/.
  4. Enter the command
    java -classpath .: your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs list
    .