When you choose not to use a certificate from a trusted authority, you must download the server certificate (to each server that has a self-signed certificate) so that the IBM Toolbox for Java classes can use it. You also have to get the zip files that contain the encryption algorithms and add it to your CLASSPATH statement.
To use the self-signed certificate, complete the following steps:
java utilities.KeyringDB com.ibm.as400.access.KeyRing -connect <systemname>:<port>![]()
where <port> is the server port of any of the host servers. For example, you can use 9476, which is the default port for the secure sign-on server on the iSeries.
Note: You must use com.ibm.as400.access.KeyRing because it is the only location where the IBM Toolbox for Java looks for your certificates.
Note:
You need to run KeyringDB to each server that has a self-signed certificate
to add each certificate to the KeyRing class. On each iSeries that you wish
to use SSL connections, run the following command to add the certificates:
java utilities.KeyringDB com.ibm.as400.access.KeyRing connect <systemname>:<port>![]()
After completing the above steps, you have finished setting up the self-certificates. You can run the application, after you ensure the following are in your CLASSPATH statement:
Because jt400.jar contains the default copy of KeyRing.class, the directory that contains com\ibm\as400\access\KeyRing.class must be in the CLASSPATH before jt400.jar.
Note: Instead of adding the directory that contains the KeyRing.class file to your CLASSPATH statement, you can replace the old class in jt400.jar with the new KeyRing.class.