Ask a Question

Advanced Search

Solution ID : SO5208

Last Modified : 06/12/2019

Certificate Signing Request (CSR) Generation Instructions for IBM iSeries / AS400


This document provides instructions for generating a Certificate Signing Request (CSR) for IBM iSeries / AS400 server. If you are unable to use these instructions for your server, Symantec recommends that you contact IBM.

NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate a Certificate Signing Request, perform following steps: 

  1. Start Digital Certificate Manager (DCM).
    NOTE: If you having problems with DCM refer to IBM iSeries Information Center 
  2. In the navigation pane, select Create New Certificate Store
    NOTE: For renewal, select Select a Certificate Store > Manage Certificates > Renew Certificate > select certificate you want to renew > Renew
  3. Select *SYSTEM as your certificate store > Continue
  4. Select Yes to create a certificate as part of creating the *SYSTEM certificate store 
  5. Click Continue
  6. Select Symantec as the signer of the new certificate 
  7. Click Continue
  8. A form will display.  The information inputted into this form will display on your certificate.
    • Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
    • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
    • Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
    • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. 
    • Organizational Unit (OU): This field is the name of the department or organization unit making the request.
    • Common Name (CN): The Common Name is the Host + Domain Name. It looks like "" or "".
      NOTE: Symantec certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "" will receive a warning if accessing a site named "" or "", because "" and "" are different from "".
  9. Complete the form > click Continue
    NOTE:  Make sure to copy and paste the certificate signing request (CSR) file into a plain text editor and save.  If you close your window without saving, you will need to start over.
  10. Verify your CSR
  11. Proceed with Enrollment

Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO5209


       For more information refer to IBM Support