Establishing trust relationship for SSL


This topic describes the steps involved in establishing a trust relationship between the iSeries host and the JRE running on the PATROL Agent system. Follow these steps if you select the Enable Secure Connection option while configuring the iSeries KM.

On the iSeries host

  1. In the IBM System Director Navigator, create a certificate using the Digital Certificate Manager option. You may use the default Certificate Authority (CA), external Certificate Authority (CA), or Client/Server type of certificate.

    Note

    The Client/Server type of certificate is supported on iSeries V7R3 only.

  2. Export and save the certificate in .crt file format.
  3. This step is applicable only if you are using the default Certificate Authority (CA) or external Certificate Authority (CA) type of certificate.
    Assign the certificate to the following servers as required by the JAVA Toolbox:
    1. Database Server
    2. SignOn Server
    3. Central Server
    4. Data Queue Server
    5. Network Print Server
    6. Remote Command Server
    7. File Server
    8. i5/OS DDM/DRDA Server - TCP/IP application

On the PATROL Agent system

  1. Copy the .crt certificate file to the PATROL Agent system.
  2. Navigate to the $JAVA_HOME/bin directory that is used by the PATROL Agent system and the PATROL for iSeries KM. If you installed the JRE package from the repository along with the PATROL Agent, the JRE is available at the $PATROL_HOME/jre64 location.
  3. Import the certificate using the Java keytool utility. Enter the following command to import the certificate:
    keytool -import -keystore  lib\security\cacerts -file <certificate_file_path>

 

Note

If you used an external Certificate Authority (CA) to create the certificate on the iSeries host, ensure that the CA certificate is added to lib\security\cacerts before executing the above command.
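
An added example, not part of the product documentation: a POSIX shell wrapper around the keytool import step, assuming a UNIX-like PATROL Agent host. It resolves cacerts by absolute path, backs up the keystore, and refuses to overwrite an existing alias; the function names, the STOREPASS environment variable and the alias argument are assumptions.

```shell
#!/bin/sh
# Added example; function names, STOREPASS and the alias are assumptions.

# Print the cacerts path of a JRE ($1/lib/security) or JDK 8 ($1/jre/lib/security).
find_cacerts() {
    for p in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# usage: import_cert <java_home> <crt_file> <alias>
# The keystore password is read from the STOREPASS environment variable, so it
# does not appear on the command line.
import_cert() {
    java_home=$1; crt=$2; cert_alias=$3
    keytool="$java_home/bin/keytool"
    store=$(find_cacerts "$java_home") || { echo "no cacerts under $java_home" >&2; return 2; }
    [ -r "$crt" ] || { echo "cannot read $crt" >&2; return 3; }
    [ -n "${STOREPASS:-}" ] || { echo "STOREPASS is not set" >&2; return 4; }

    # Refuse to replace an entry that already exists under this alias.
    if "$keytool" -list -keystore "$store" -storepass:env STOREPASS \
            -alias "$cert_alias" >/dev/null 2>&1; then
        echo "alias $cert_alias already exists in $store" >&2; return 5
    fi

    # Keep a timestamped copy so the change to the trust store can be rolled back.
    cp -p "$store" "$store.bak.$(date +%Y%m%d%H%M%S)" || return 6

    # No -noprompt: keytool prints the certificate and its fingerprints and asks
    # for confirmation, the point at which to compare them with the iSeries export.
    # (-importcert is the current name of the -import command.)
    "$keytool" -importcert -keystore "$store" -storepass:env STOREPASS \
        -alias "$cert_alias" -file "$crt" || return 7

    # Confirm the entry is now present.
    "$keytool" -list -v -keystore "$store" -storepass:env STOREPASS -alias "$cert_alias"
}

# Run only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then import_cert "$@"; fi
```

For a certificate issued by an external CA, run it first for the CA certificate and then for the host certificate, each with its own alias.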

 
