® Sametime access to the IBM
i *SYSTEM certificate store.
About this task
Sametime must be able to access certificates located in the DCM *SYSTEM certificate store when connecting to an LDAP server using SSL. The DCM *SYSTEM certificate store is located in the /qibm/userdata/icss/cert/server
directory on an IBM
QNOTES is an IBM
i user profile created by IBM Lotus
® and used by Sametime. By default, the QNOTES user profile does not have access to the DCM *SYSTEM certificate store or the /qibm/userdata/icss/cert/server
directory, although the higher level directories usually have *PUBLIC *RX authority which allows QNOTES to access those directories.
Provide Sametime with access to the *SYSTEM certificate store by completing the following step:
Parent topic: Installing and setting up Digital Certificate Manager on IBM i
Previous topic: Ensuring that the LDAP client trusts the LDAP server's certificate
- Run the following command from any IBM i command line to view the contents of the /qibm/userdata/icss/cert/server directory and verify the name of the certificate store:
By default, the certificate store is named default.kdb
and uses "sametime" as the password.
- Run the following commands from any IBM i command line to ensure QNOTES has the necessary authority to the DCM *SYSTEM certificate store and associated directory:
CHGAUT OBJ('/QIBM/USERDATA/ICSS/CERT/Server') USER(QNOTES) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/USERDATA/ICSS/CERT/Server/DEFAULT.RDB') USER(QNOTES) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/USERDATA/ICSS/CERT/Server/DEFAULT.KDB') USER(QNOTES) DTAAUT(*RX)
In this example:
- QNOTES is the user receiving access
- default.kdb is the name of the certificate store