ADDWBLCERT
ADDWBLCERT - Add Secure Certificate
The ADDWBLCERT command is used to add a signed server certificate
to a specified keylist file.
Webulator/400 can be configured to secure
data, using SSL,
once the signed server certificate is added to the keylist file.
After the signed server certificate is successfully added to the keylist
file, you must use the CHGWBLSEC command to set the
server's keylist file.
For example, CHGWBLSEC KEYFILE('/Wbl/Key/KeyList.Cfg')
IMPORTANT:
Make a backup copy of the keylist file after the server certificate is
successfully added. If something should happen to the original (e.g.,
deleted, damaged) the backup would then be used.
Most certification authorities will charge additional money
to re-create the server certificate for a new keylist file.
ADDWBLCERT Parameters
- CERTFILE - Signed Certificate File
- Specifies the full-path to the file that contains the signed certificate.
The signed certificate is returned from a certification authority after
sending the certification authority the certificate request generated by
the CRTWBLKEY command. Copy the signed certificate
into a file that is in either the IFS root or QDLS AS/400 file system.
The certificate data must be in the Public-Key Cryptography Standards format
(i.e., *PKCS6 format). A *PKCS6 certificate is also referred to as a
X.509 public key certificate. There must be a header line that
begins with 5 dashes and "BEGIN" before the certificate data
(i.e., -----BEGIN). This is the default format.
The data in the file is assumed to be ASCII data in CCSID 819.
- PASSWORD - Password
- The current password used to encrypt the server's keylist file.
The keylist file password was initially set with the
CRTWBLKEY command.
The password can be changed with the CHGWBLKPWD command.
If the password is case-sensitive it must be enclosed in single quotes.
- KEYFILE - Keylist File
- Specifies the full-path to the keylist file that
was created with the CRTWBLKEY command. The keylist
file stores the public and private keys and certificates used by Webulator/400.
Ensure that only authorized users have access to the keylist file.
The server user profile must have access to read the keylist file.
The default keylist file is '/Wbl/Key/KeyList.Cfg'.
IMPORTANT:
Make a backup copy of the keylist file after the server certificate is
successfully added. If something should happen to the original (e.g.,
deleted, damaged) the backup would then be used.
Most certification authorities will charge additional money
to re-create the server certificate for a new keylist file.
Authorizing a User to ADDWBLCERT
A user that does not have *ALLOBJ special authority
must be authorized as follows to run the ADDWBLCERT command:
- Added to the
WEBULATOR product authorization list.
or
*USE authority to QSYS/ADDWBLCERT *CMD
*USE authority to WEBULATOR/WBLEACPP *PGM