ADDWWWCERT


ADDWWWCERT - Add Commerce Certificate

The ADDWWWCERT command is used to add a signed server certificate to a specified keylist file. Commerce Server/400 can be configured to secure data, using SSL, once the signed server certificate is added to the keylist file. After the signed server certificate is successfully added to the keylist file, you must use the CHGWWWSEC command to set the server's keylist file. For example, CHGWWWSEC KEYFILE('/WWWServ/Key/KeyList.Cfg')

IMPORTANT: Make a backup copy of the keylist file after the server certificate is successfully added. If something should happen to the original (e.g., deleted, damaged) the backup would then be used. Most certification authorities will charge additional money to re-create the server certificate for a new keylist file.


ADDWWWCERT Parameters

CERTFILE - Signed Certificate File
Specifies the full-path to the file that contains the signed certificate. The signed certificate is returned from a certification authority after sending the certification authority the certificate request generated by the CRTWWWKEY command. Copy the signed certificate into a file that is in either the IFS root or QDLS AS/400 file system.

The data in the file is assumed to be ASCII data in CCSID 819.

PASSWORD - Password
The current password used to encrypt the server's keylist file. The keylist file password was initially set with the CRTWWWKEY command. The password can be changed with the CHGWWWKPWD command. If the password is case-sensitive it must be enclosed in single quotes.

KEYFILE - Keylist File
Specifies the full-path to the keylist file that was created with the CRTWWWKEY command. The keylist file stores the public and private keys and certificates used by Commerce Server/400. Ensure that only authorized users have access to the keylist file. The server user profile must have access to read the keylist file.

The default keylist file is '/WWWServ/Key/KeyList.Cfg'.

IMPORTANT: Make a backup copy of the keylist file after the server certificate is successfully added. If something should happen to the original (e.g., deleted, damaged) the backup would then be used. Most certification authorities will charge additional money to re-create the server certificate for a new keylist file.

FORMAT - Signed Certificate Format
This is the format of the signed certificate. If you are not sure contact your certification authority. The following two formats are supported:

  1. *PEM
    Internet Privacy-Enhanced Mail (RFC1424) format.

  2. *PKCS10
    Public-Key Cryptography Standards format. Also referred to as a X.509 public key certificate. There must be a header line that begins with 5 dashes and "BEGIN" before the certificate data (i.e., -----BEGIN). This is the default format.

Authorizing a User to ADDWWWCERT

A user that does not have *ALLOBJ special authority must be authorized as follows to run the ADDWWWCERT command: