Versions Compared

Old Version 1

changes.mady.by.user Brian Nordland

Saved on

compared with

New Version 2

changes.mady.by.user Brian Nordland

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Secure HTTPS traffic for the PowerHA web interface requires a digital certificate. A digital certificate provides two functions:

...

Expand
titleCreating the *SYSTEM certificate store
Procedure

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. Click on Create Certificate Store on the left-hand navigation menu

  4. On the right-hand side of the page select *SYSTEM.

Info

Note: If the *SYSTEM option is not available in the list, it indicates that there is a *SYSTEM store already created on this system, and these steps have already been performed.

  1. Create a password for the

*SYSTEM store and click Create.

Info

Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts.

Result

The *SYSTEM certificate store is created on the node.

...

Expand
titleCreating the Local Certificate Authority

Procedure

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. Click on Create Certificate Store on the left-hand navigation menu.

  4. On the right-hand side of the page select Local CA.

Info

Note: If the Local CA option is not available in the list, it indicates that there is already a local certificate authority on this system, and these steps have already been performed.

  1. Create a password for the

Local CA store and click Create.

Info

Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts.

Result

The *SYSTEM certificate store is created on the node.

...

Expand
titleAssigning the Certificate to the PowerHA Webserver

Procedure

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. In the left-hand menu, select the *SYSTEM certificate store.

  4. If the *SYSTEM certificate store is not in the left-hand menu, open the certificate store:

    1. Select Open Certificate Store in the left-hand menu.

    2. Select *SYSTEM on the right-hand side of the screen.

    3. Enter the password for the *SYSTEM certificate store.

    4. Click Open.

  5. Select Manage Application Definitions.

  6. Search for QIBM_QHASM_WEB.

  7. Click on the + symbol at the lower-right of the QIBM_QHASM_WEB box.

  8. Click on Assign Certificates.

  9. Check the box for the certificate you wish to assign, and click Assign.

    Image RemovedImage Added

Result

The certificate is now assigned to the PowerHA web interface

...

Restart the PowerHA Web Interface for the new changes to take effect. For information on restarting the PowerHA web interface see Restarting the PowerHA Web Interface.

Tip

After enabling the HTTPS server, use the following format to reach the PowerHA web interface https://<system-name>:<https-port>. For example, with the default port configuration the URL would be: https://<system-name>:2099.