ADDWWWCERT
ADDWWWCERT - Add Commerce Certificate
The ADDWWWCERT command is used to add a signed server certificate
to a specified keylist file.
Commerce Server/400 can be configured to secure
data, using SSL,
once the signed server certificate is added to the keylist file.
After the signed server certificate is successfully added to the keylist
file, you must use the CHGWWWSEC command to set the
server's keylist file.
For example, CHGWWWSEC KEYFILE('/WWWServ/Key/KeyList.Cfg')
IMPORTANT:
Make a backup copy of the keylist file after the server certificate is
successfully added. If something should happen to the original (e.g.,
deleted, damaged) the backup would then be used.
Most certification authorities will charge additional money
to re-create the server certificate for a new keylist file.
ADDWWWCERT Parameters
- CERTFILE - Signed Certificate File
- Specifies the full-path to the file that contains the signed certificate.
The signed certificate is returned from a certification authority after
sending the certification authority the certificate request generated by
the CRTWWWKEY command. Copy the signed certificate
into a file that is in either the IFS root or QDLS AS/400 file system.
The data in the file is assumed to be ASCII data in CCSID 819.
- PASSWORD - Password
- The current password used to encrypt the server's keylist file.
The keylist file password was initially set with the
CRTWWWKEY command.
The password can be changed with the CHGWWWKPWD command.
If the password is case-sensitive it must be enclosed in single quotes.
- KEYFILE - Keylist File
- Specifies the full-path to the keylist file that
was created with the CRTWWWKEY command. The keylist
file stores the public and private keys and certificates used by Commerce
Server/400. Ensure that only authorized users have access to the keylist file.
The server user profile must have access to read the keylist file.
The default keylist file is '/WWWServ/Key/KeyList.Cfg'.
IMPORTANT:
Make a backup copy of the keylist file after the server certificate is
successfully added. If something should happen to the original (e.g.,
deleted, damaged) the backup would then be used.
Most certification authorities will charge additional money
to re-create the server certificate for a new keylist file.
- FORMAT - Signed Certificate Format
- This is the format of the signed certificate.
If you are not sure contact your certification authority.
The following two formats are supported:
- *PEM
Internet Privacy-Enhanced Mail (RFC1424) format.
- *PKCS10
Public-Key Cryptography Standards format. Also referred to as a
X.509 public key certificate. There must be a header line that
begins with 5 dashes and "BEGIN" before the certificate data
(i.e., -----BEGIN). This is the default format.
Authorizing a User to ADDWWWCERT
A user that does not have *ALLOBJ special authority
must be authorized as follows to run the ADDWWWCERT command:
*USE authority to QSYS/ADDWWWCERT *CMD
*USE authority to WWWSERVER/WWWEACPP *PGM