This document provides instructions for generating a Certificate Signing Request (CSR) for IBM iSeries / AS400 server. If you are unable to use these instructions for your server, Symantec recommends that you contact IBM.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate a Certificate Signing Request, perform following steps:
- Start Digital Certificate Manager (DCM).
NOTE: If you having problems with DCM refer to IBM iSeries Information Center
- In the navigation pane, select Create New Certificate Store
NOTE: For renewal, select Select a Certificate Store > Manage Certificates > Renew Certificate > select certificate you want to renew > Renew
- Select *SYSTEM as your certificate store > Continue
- Select Yes to create a certificate as part of creating the *SYSTEM certificate store
- Click Continue
- Select Symantec as the signer of the new certificate
- Click Continue
- A form will display. The information inputted into this form will display on your certificate.
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.symantec.com" or "symantec.com".
NOTE: Symantec certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "symantec.com" will receive a warning if accessing a site named "www.symantec.com" or "secure.symantec.com", because "www.symantec.com" and "secure.symantec.com" are different from "symantec.com".
- Complete the form > click Continue
NOTE: Make sure to copy and paste the certificate signing request (CSR) file into a plain text editor and save. If you close your window without saving, you will need to start over.
- Verify your CSR
- Proceed with Enrollment
Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO5209
For more information refer to IBM Support