Four Hundred Guru--How Do I Export an iSeries Certificate File?

Newsletters	Subscriptions	Forums	Safari	Store	Career	Media Kit	About Us	Contact	Search	Home

Volume 12, Number 2 -- January 25, 2012

How Do I Export an iSeries Certificate File?

Published: January 25, 2012

Hey, Joe:

I'm trying to export one of my i5/OS digital certificates into a PC file for server installation. Every time I try the export function, I get the message: An error occurred while opening files to write. What's going on and how can I export the certificate to a file? I'm running i5/OS V5R4M5.

--Abe

It could be the way you're trying to export the file. Here's how I've successfully downloaded digital certificates in the past, and where I've hit that particular message. Maybe this technique will help you export your certificate.

1. Start the IBM Web Administration for i interface on your iSeries or System i box by browsing to the following URL:

http://server_name:2001

NOTE: In order to export your certificate, you'll have to make sure the HTTP server administrator instance (ADMIN) is running on your System i box. To start the ADMIN HTTP server, run the following Start TCP/IP Server (STRTCPSVR) command.

STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

You'll see a screen that looks like this. Select the Digital Certificate Manager (DCM) option. This will open your system's DCM.

2. Inside the DCM, click on the Select a Certificate Store button to access the certificate store that contains the certificate you want to download. This brings up the following screen. In my case, the certificate resided in the *SYSTEM certificate store, so I clicked on the *SYSTEM radio button and then clicked the Continue button.

3. At this point, the DCM always asks for a password to get into my certificate store. If I don't remember the password, it gives me the option to reset it. Once the password is entered, I click on the "work with server and client certificates" option from the Fast Path dropdown in the left-hand pane on the screen. This brings me to the following screen where I can work with all my active certificates in the *SYSTEM certificate store.

Here, I click on the radio button of the certificate that I want to export (new default store – 2008 in this case) and then click on the Export button. The system will prompt me with a choice of whether I want to export the certificate to a file for use with another system, or whether the DCM should export the certificate to another certificate store on the same system. I'll choose File and click on the Continue button to export the certificate to a stream file that I can copy and load on my server.

4. The Export Server or Client Certificate function will now prompt me for a fully qualified path name and an encryption password for the exported file (see next graphic below). If I specify a network or PC folder and file name for my export file, the DCM will give me the same An error occurred while opening files to write message you've been experiencing. The trick for certificate exports is that you can only export a DCM certificate to an AS/400 Integrated File System (AS/400 IFS) file. You can't export it to a network or PC folder. If you try to save it to a PC-style folder, you will get that error.

So exporting your certificate file is really a two-step process. You have to export it to an AS/400 IFS folder first. Then you need to pull it off the IFS and move it to the server where it's going to be installed.

To export my file, I type in the AS/400 IFS file location and name where I want to store the certificate, as well as an encrypted password to access the file contents. My transfer will look like this.

The other trick here is to make sure that I have the proper file extension for loading the exported certificate file onto my target server. In this case, I used the .cer extension (certificate), but I easily could have used other certificate file extensions such as .pfx, .p12, or .pem. Check your software to see what type of extension file is needed.

5. Once the certificate is downloaded to the IFS, I would then map a network drive to the IFS and copy (or drag and drop) the file to my PC. From here, it can be loaded to the server for HTTP processing, TELNET, FTP, or another system function needing a certificate. Be careful when emailing these files. Some email clients (including Microsoft Outlook) may be fussy about opening certificate files. You may have to zip the file or copy it to a shared drive or pen drive to get it to its intended recipient.

HTH

---Joe

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By
SYSTEM i DEVELOPER

Take it to the Summit!

Rise to the i can ... can you? challenge this March at the RPG & DB2 Summit in Fort Worth.

Learn the latest in practical, use-it-today tips and techniques on RPG IV, embedded SQL, PHP, RPG & the Web, Web Services, mobile apps, RSE/RDP, XML, SQL tuning & more.

Plus get expert 1-on-1 advice from gurus Paul Tuohy, Susan Gantner, Jon Paris, Skip Marchesani, Scott Klement, Mike Cain, Kent Milligan in a highly interactive, fun environment.

Follow this link for sessions.
Register by Feb 10 for just $1095 - save $300!

Senior Technical Editor: Ted Holt

Technical Editor: Joe Hertvik

Contributing Technical Editors: Edwin Earley, Brian Kelly, Michael Sansoterra

Publisher and Advertising Director: Jenny Thomas

Advertising Sales Representative: Kim Reed

Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

HiT Software: Solve data movement, data migration and data replication challenges with DBMoto
System i Developer: Upgrade your skills at the RPG & DB2 Summit in Fort Worth, March 26-28
ITJ Bookstore: The All-Everything Operating System, by Brian Kelly, Price $35

IT Jungle Store Top Book Picks

BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

The iSeries Express Web Implementer's Guide: List Price, $49.95
The iSeries Pocket Database Guide: List Price, $59
The iSeries Pocket SQL Guide: List Price, $59
The iSeries Pocket WebFacing Primer: List Price, $39
Migrating to WebSphere Express for iSeries: List Price, $49
Getting Started with WebSphere Express for iSeries: List Price, $49
The All-Everything Operating System: List Price, $35
The Best Joomla! Tutorial Ever!: List Price, $19.95


IBM Slashes Some Power7 Processor Prices Power Systems Eating Into Mainframe Sales IBM Unveils New Social Media Solutions at Lotusphere As I See It: The Second Concern Dawn of the Dead: Portals' Revenge


Pitcher's Lotus-on-IBM-i Campaign Pays Dividends TECA Data Safe Gives IBM i Customers a DR Lifeline Raz-Lee Gives Away IBM i Antivirus Software Symtrax Refreshes Output Management with Compleo 5 KeyesMail Gets Simplified APIs


Four Hundred Monitor's Full iSeries Events Calendar


January 21, 2012: Volume 14, Number 3 January 14, 2012: Volume 14, Number 2 January 7, 2012: Volume 14, Number 1 December 31, 2011: Volume 13, Number 17 December 24, 2011: Volume 13, Number 16 December 17, 2011: Volume 13, Number 15

Mellanox chops 10-gig Ethernet switch, adapter prices

Joyent rakes in $85m to build out SmartOS clouds

Intel upsets apple cart, snaps up QLogic's InfiniBand biz

Power7 chips going for a song in Big Blue January sale

Intel stirs up management team

Intel's Xeon E5 to (finally) launch in Q1

Currency flux incapacitates IBM's Q4 sales

Sikorsky plays killer copter sim on SGI Altix UV 1000

Dell, Nvidia insider traders nabbed by Feds

Red Hat guns for VMware with RHEV 3.0

Cisco boasts of 10,000th server customer

Data centers to cut LAN cord?

THIS ISSUE SPONSORED BY:
ProData Computer Services WorksRight Software System i Developer

	Printer Friendly Version

TABLE OF CONTENTS
Limited Capabilities Workaround qsort: A Better SORTA How Do I Export an iSeries Certificate File?

Four Hundred Guru

BACK ISSUES