Establishing trust relationship for SSL
Use the following steps to establish a trust relationship between the iSeries host and JRE running on the PATROL Agent system. These steps must be followed if you select the Enable Secure Connection option while configuring the iSeries KM.
On the iSeries host
In the IBM System Director Navigator, create a certificate using the Digital Certificate Manager option. You may use the default Certificate Authority (CA), external Certificate Authority (CA), or Client/Server type of certificate.
The Client/Server type of certificate is supported on iSeries V7R3 only.
- Export and save the certificate in .crt file format.
- This step is applicable only if you are using the default Certificate Authority (CA) or external Certificate Authority (CA) type of certificate.
Assign the certificate to the following servers as required by the Java Toolbox:
- Database Server
- SignOn Server
- Central Server
- Data Queue Server
- Network Print Server
- Remote Command Server
- File Server
- i5/OS DDM/DRDA Server - TCP/IP application
On the PATROL Agent system
- Copy the .crt certificate file on the PATROL Agent system.
- Navigate to <JAVA_HOME>/bin directory that is used by the PATROL Agent system and the PATROL for iSeries KM. If you have installed the JRE package using the repository with the PATROL Agent then the JRE is available at <PATROL_HOME>/jre64 location.
- Import the certificate using the JAVA keytool utility. Enter the following command to import the certificate:
keytool -import -keystore lib/security/cacerts -file <certificate_file_path>
On the iSeries host if you have used an external Certificate Authority (CA) to create the certificate, ensure that the CA is copied in lib/security/cacerts directory before executing the above command.