Building your own certificate

If you choose not to use a certificate from a trusted authority, you can build your own certificate to be used on an AS/400. The certificate is built using the digital certificate manager, and the steps that follow describe how to download and use the certificate with AS/400 Toolbox for Java:
  1. Create the certificate authority on the AS/400
  2. Assign which host servers will trust the certificate authority you created
  3. Create a system certificate from the certificate authority you created
  4. Assign which host servers will use the system certificate you created
  5. Download the version of SSL that you want to use: Download the files from the following paths:
  6. From the same directory from which you downloaded either sslightx.zip or sslightu.zip, download SSLTools.zip
  7. Add SSLTools.zip and either sslightx.zip or sslightu.zip to your CLASSPATH statement
  8. Create a directory on your client named com/ibm/as400/access. This directory needs to be a subdirectory of your current directory.
  9. Run the following command from a command prompt on your client:
    java com.ibm.sslight.nlstools.keyrng com.ibm.as400.access.KeyRing connect <systemname>:<port>
    

    The server port can be any of the host servers to which you have access. For example, you can use 9476, which is the default port for the secure sign-on server on the AS/400.

    Notes: You must use com.ibm.as400.access.KeyRing because it is the only location that the AS/400 Toolbox for Java will look for your certificates.

    When you are prompted to enter a password, you must enter toolbox. This is the only password that works.

    The SSL tool then connects to the AS/400 and lists the certificates it finds.

  10. Type the number of the Certificate Authority (CA) certificate that you want to add to your AS/400. Be sure to add the CA certificate and not the site certificate. A message is issued stating that the certificate is being added to com.ibm.as400.access.KeyRing.class.

    Note: For each certificate that you want to add, you must rerun the command:
    java com.ibm.sslight.nlstools.keyrng com.ibm.as400.access.KeyRing connect <systemname>:<port>
    

    You must download a certificate for each CA certificate you create. Each certificate is added to the KeyRing class. After adding one or more certificates, you must update your CLASSPATH statement. Your CLASSPATH must list the KeyRing.class file that resides in the directory that you created in Step 4, and it must appear before jt400.zip. After this step, you are done using the sslight tool and can delete it.
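
The CLASSPATH ordering requirement above can be checked before starting the application. The following shell function is an added example, not part of the original page or of the Toolbox; the function name is hypothetical, and it assumes that the class path entry for the updated class is the directory that contains the com/ibm/as400/access subdirectory.

```shell
# Added example (not IBM code). Checks that the class path entry holding the
# updated com/ibm/as400/access/KeyRing.class comes before jt400.zip.
# Exit status: 0 = KeyRing directory is listed first
#              1 = jt400.zip is listed first, so its own KeyRing.class is used
#              2 = no entry contains com/ibm/as400/access/KeyRing.class
#              3 = jt400.zip is not on the class path
# Assumption: entries are separated by ':'; pass ';' as the second argument
# for a Windows-style class path.
keyring_classpath_order() (
    # Body runs in a subshell, so the IFS and globbing changes stay local.
    cp=$1
    IFS=${2:-:}
    set -f
    pos=0 keyring_pos=0 jt400_pos=0
    for entry in $cp; do
        pos=$((pos + 1))
        case $entry in
            '') ;;
            *jt400.zip)
                if [ "$jt400_pos" -eq 0 ]; then jt400_pos=$pos; fi ;;
            *)
                if [ "$keyring_pos" -eq 0 ] &&
                   [ -f "$entry/com/ibm/as400/access/KeyRing.class" ]; then
                    keyring_pos=$pos
                fi ;;
        esac
    done
    [ "$keyring_pos" -ne 0 ] || exit 2
    [ "$jt400_pos" -ne 0 ] || exit 3
    [ "$keyring_pos" -lt "$jt400_pos" ] || exit 1
    exit 0
)
```

Call it as keyring_classpath_order "$CLASSPATH" and inspect the exit status; a status of 1 means the certificates you added will not be seen because the KeyRing.class inside jt400.zip is found first.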

Alternative method for building a certificate:

As an alternative to the method outlined above, use the following steps:

  1. Extract the KeyRing.class file from jt400.zip
  2. Run the following command to add the certificate to the KeyRing.class file that comes with the AS/400 Toolbox for Java:
    java com.ibm.sslight.nlstools.keyrng com.ibm.as400.access.KeyRing connect <systemname>:<port>
  3. Put the KeyRing.class back into jt400.zip
