Using a self-signed certificate

When you choose not to use a certificate from a trusted authority, you must download the self-signed Certificate Authority (CA) certificate (from each server that has a self-signed CA certificate) so that the IBM Toolbox for Java classes can use it. You also have to get the zip files that contain the encryption algorithms and add them to your CLASSPATH statement.

To use the self-signed certificate, complete the following steps:

  1. Select the directory where you want to put the zip files.
  2. Download the version of SSL that you want to use by copying both the encryption algorithms and the utilities you need to work with a self-signed certificate:
  3. Add ssltools.jar and the zip files to your CLASSPATH statement.
  4. Create a directory on your client named <SSL>\com\ibm\as400\access where <SSL> is the directory where you copied the jar and zip files.
  5. From a command prompt within the <SSL> directory on your client, run the following command:
         java utilities.KeyringDB com.ibm.as400.access.KeyRing -connect <systemname>:<port>

    where <port> is the server port of any of the host servers. For example, you can use 9476, which is the default port for the secure sign-on server on the iSeries.

  6. Type the number of the Certificate Authority (CA) certificate that you want to add to your keyring. Be sure to add the CA certificate and not the site certificate.
  7. When you are prompted to enter a certificate name, you can type any alphanumeric string.

    Note: You need to run KeyringDB against each server that has a self-signed certificate to add each certificate to the KeyRing class. For each iSeries to which you want to make SSL connections, run the following command to add the certificates:

         java utilities.KeyringDB com.ibm.as400.access.KeyRing -connect <systemname>:<port>

After completing the above steps, you have finished setting up the self-signed certificates. You can run the application, after you ensure the following are in your CLASSPATH statement:

Because jt400.jar contains the default copy of KeyRing.class, the directory that contains com\ibm\as400\access\KeyRing.class must be in the CLASSPATH before jt400.jar.

Note: Instead of adding the directory that contains the KeyRing.class file to your CLASSPATH statement, you can replace the old class in jt400.jar with the new KeyRing.class.
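
The ordering requirement above can be checked before you run the application. The following program is an added example, not part of the IBM Toolbox for Java or of the original page; the class name KeyRingOrderCheck and its exit codes are assumptions made for illustration. It walks the CLASSPATH in search order and reports which entry supplies com\ibm\as400\access\KeyRing.class first.

```java
import java.io.File;
import java.io.IOException;
import java.util.zip.ZipFile;

// Added example (hypothetical helper, not IBM code): finds the CLASSPATH entry that wins for KeyRing.class.
public class KeyRingOrderCheck {
    static final String ENTRY = "com/ibm/as400/access/KeyRing.class";

    // True if this classpath entry (a directory, or a jar/zip file) contains KeyRing.class.
    static boolean supplies(File entry) {
        if (entry.isDirectory()) {
            return new File(entry, ENTRY.replace('/', File.separatorChar)).isFile();
        }
        if (!entry.isFile()) return false; // missing entry or a wildcard such as lib/* (not expanded here)
        try (ZipFile zip = new ZipFile(entry)) {
            return zip.getEntry(ENTRY) != null;
        } catch (IOException e) {
            return false; // not a readable archive
        }
    }

    // First entry, in class-loading order, that supplies KeyRing.class; null if none does.
    static File firstProvider(String classpath) {
        for (String part : classpath.split(File.pathSeparator)) {
            File entry = new File(part.isEmpty() ? "." : part); // an empty element means the current directory
            if (supplies(entry)) return entry;
        }
        return null;
    }

    public static void main(String[] args) {
        String cp = args.length > 0 ? args[0] : System.getProperty("java.class.path");
        File first = firstProvider(cp);
        if (first == null) {
            System.out.println("KeyRing.class was not found in any CLASSPATH entry");
            System.exit(2);
        }
        System.out.println("KeyRing.class is loaded from: " + first.getAbsolutePath());
        if (first.isFile() && first.getName().equalsIgnoreCase("jt400.jar")) {
            System.out.println("The copy inside jt400.jar comes first. Unless you replaced that class with");
            System.out.println("the one KeyringDB updated, the self-signed CA certificates are not in use.");
            System.exit(1);
        }
        System.out.println("OK: the KeyRing class directory precedes jt400.jar");
    }
}
```

Compile it and run it with the same CLASSPATH statement the application uses, or pass a classpath string as the first argument to check a different one.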