

Configure CA IAM CS

If you are using a certificate from one of the following CAs, you do not need to perform this step:

If you want to use a certificate from a different CA, import the certificate into CA IAM CS. If you use the same certificate for each OS/400 system, you will perform these steps only once.

Follow these steps: NEW STEPS

  1. Log in to CA IAM CS.
  2. At the top, click the Certificates tab.

    This tab lists all of the certificates in the CA IAM CS keystore. To filter the list of certificates by their names, type in the Certificate Filter box.

  3. To add a certificate, click Add, then enter the details of the certificate.

    Add a certificate:

    Add a keystore:

Follow these steps: OLD STEPS

  1. Stop the CA IAM CS service.
  2. Copy the CA certificate from your certificate authority to the directory where the connector client certificate keystore is located. To find that location, check the connectorManager.connectorClientCertStore setting in server_jcs.properties. The default value is ../conf/ssl.keystore.
  3. Open a command prompt and change to the directory where the connector client certificate keystore is located. For example:
    cd C:\Program Files\CA\Identity Manager\Connector Server\conf\
    
  4. Issue the following command to import the CA certificate into the CA certificate store for Java:
    ..\..\bin\keytool -import -alias "eTrust Admin CA Certificate" -file certificate_name.cer -keystore ssl.keystore
    
    1. At the "Enter a keystore password" prompt, enter the default password, secret (if it has not been changed).

      Note: You can use the bin\ldaps_password.bat utility to change the keystore's password.

    2. Enter yes at the "Trust this certificate" prompt.
  5. Restart the CA IAM CS service.
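
The following batch file is an added example, not part of the product documentation. It wraps steps 3 and 4 of the older procedure with the checks that matter when adding a trust anchor: a keystore backup, a fingerprint review before the import, and a listing of the imported entry afterwards. The file names and alias are the ones used in the steps above; the .bak backup name is an assumption of this example.

```batch
@echo off
rem Added example, not from the product documentation. Run it from the
rem directory that holds ssl.keystore, with the CA IAM CS service stopped.
setlocal
set "KEYTOOL=..\..\bin\keytool"
set "CERT=certificate_name.cer"
set "STORE=ssl.keystore"
set "ALIAS=eTrust Admin CA Certificate"

rem Keep a copy of the keystore so a bad import can be rolled back.
rem The .bak name is an assumption of this example.
copy /y "%STORE%" "%STORE%.bak" >nul || (echo Backup failed & exit /b 1)

rem Print owner, issuer, validity dates and fingerprints of the file
rem that is about to become a trust anchor.
"%KEYTOOL%" -printcert -file "%CERT%" || exit /b 1

echo.
echo Compare the fingerprints above with the values published by your CA.
echo Press Ctrl+C to abort if they differ.
pause

rem Same import command as step 4; keytool prompts for the keystore
rem password and for "Trust this certificate".
"%KEYTOOL%" -import -alias "%ALIAS%" -file "%CERT%" -keystore "%STORE%" || exit /b 1

rem Confirm the alias is now present as a trustedCertEntry and that its
rem fingerprint matches the one reviewed before the import.
"%KEYTOOL%" -list -v -alias "%ALIAS%" -keystore "%STORE%"
endlocal
```

If the final listing does not show the expected entry, restore ssl.keystore from the backup copy before restarting the service.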