Configuring the Z and I Emulator for Web CustomizedCAs keyring

Perform the following steps to configure a CustomizedCAs keyring:
  1. Ensure that java is installed in the system.
  2. Open a linux-based shell, for example, QSHELL or IBM I PASE shell.
  3. Navigate to the Z and I Emulator for Web publish folder in the Z and I Emulator for Web installation directory. Generally, it is /QHCL/ProdData/ZIEForWeb/ZIEWeb/.
  4. Enter the command
    java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs connect myServer.raleigh.hcl.com:702
    This command can take a few minutes to complete. If you are prompted for a password, type zieweb and press Enter.
  5. Select the certificate number that corresponds to the Certificate Authority (CA) that you want to add to the keyring. Be sure to add the CA certificate and not the site certificate. If the port is not responding, refer to Configuring IBM System I servers for secure connection.
  6. Repeat steps 3to 5 for each target server.

To view the contents of the CustomizedCAs keyring, do the following:

  1. Ensure that java is installed in the system.
  2. Open a linux-based shell, for example, QSHELL or IBM I PASE shell.
  3. Navigate to the Z and I Emulator for Web publish folder in the Z and I Emulator for Web installation directory. Generally, it is /QHCL/ProdData/ZIEForWeb/ZIEWeb/.
  4. Enter the command
    java -classpath .: your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs list
    .
top Graphic Image
If you have multiple IBM System i machines and would like to create a single certificate that all the machines can use, consider cross certification. Refer to Managing Security, Cryptographic Services APIs, and Application System/400 Cryptographic Support/400 Version 3 for additional information about cross certification.