Establishing trust relationship for SSL

Use the following steps to establish a trust relationship between the iSeries host and JRE running on the PATROL Agent system. These steps must be followed if you select the Enable Secure Connection option while configuring the iSeries KM.

On the iSeries host 

  1. In the IBM System Director Navigator, create a certificate using the Digital Certificate Manager option. You may use the default Certificate Authority (CA), external Certificate Authority (CA), or Client/Server type of certificate.


    The Client/Server type of certificate is supported on iSeries V7R3 only.

  2. Export and save the certificate in .crt file format.
  3. This step is applicable only if you are using the default Certificate Authority (CA) or external Certificate Authority (CA) type of certificate. 
    Assign the certificate to the following servers as required by the Java Toolbox:
    1. Database Server
    2. SignOn Server
    3. Central Server
    4. Data Queue Server
    5. Network Print Server
    6. Remote Command Server
    7. File Server
    8. i5/OS DDM/DRDA Server - TCP/IP application

On the PATROL Agent system

  1. Copy the .crt certificate file on the PATROL Agent system.
  2. Navigate to <JAVA_HOME>/bin directory that is used by the PATROL Agent system and the PATROL for iSeries KM. If you have installed the JRE package using the repository with the PATROL Agent then the JRE is available at <PATROL_HOME>/jre64 location.
  3. Import the certificate using the JAVA keytool utility. Enter the following command to import the certificate:

    keytool -import -keystore  lib/security/cacerts -file <certificate_file_path>



On the iSeries host if you have used an external Certificate Authority (CA) to create the certificate, ensure that the CA is copied in lib/security/cacerts directory before executing the above command.

Was this page helpful? Yes No Submitting... Thank you