Ever have problems installing SSL certificates on a Windows-based PC?
Depending on the operating system and the browser that is installed, it can be a nightmare. On Windows 98/ME, it is usually done with Internet Explorer. On Windows 2000 and XP, there are two distinctive SSL key stores. One is the machine level and the other is for the individual users. In addition, there can be a Java-based key store. Why don't we have a single place where we can manage all of these certificates?
If you are using Client Access Express or iSeries Access to set up SSL or SSL over VPN, there is a little known and less-documented utility that will allow you to directly manage all of these stores and certificates.
In the directory /Program Files/IBM you should find the program CWBCOSSL.EXE. This program is the Client Access Express Certificate Authority Downloader. With this application, you can quickly import, install and manage all of your certificates on a PC without having to jump all over the operating system. The utility will allow you to connect to your iSeries system and import certificates. You can save them in a PC file or immediately install them in any of the PC-based key stores.
There is also a button for each of the stores you may need to manage, including a connection to the iSeries Digital Certificate Manager, the PC-based stores and the Java key stores. Additionally, you can set up all of the Client Access facilities, such as the Operations Navigator and your 5250 emulation sessions. With a single button for each, you can quickly verify non-SSL and SSL connections for each of the Client Access connection types --File Transfer, Telnet, 5250 and Operations Navigator connections.
You can find more information in the Redbook iSeries Access for Windows V5R2 Hot Topics: Tailored Images, Application Administration, SSL, and Kerberos by Jeremy Shutz and Jim Cook.
About the author: John Brandt is a site expert on Search400.com and vice president of technical services at iStudio400.com. He welcomes your comments and feedback; send your e-mails to firstname.lastname@example.org.