Note: These instructions assume ONLY the ACS Windows Application Package is installed.
1) On the Windows system, run "cwbcossl.exe".
2) In the box to the right of the "Start CA download from..." button, type in the name or IP address of the IBM i. Then hit the "Start CA download from..." button.
3) Answer Yes to "Are you sure you want to trust all certificates issued by this Certificate Authority?"
4) Enter the password to allow the cwbcossl tool to store the certificate into the key database.
The default password is "ca400".
5) Exit and restart the cwbcossl tool so that it picks up the configuration changes.
6) Test SSL connectivity with the "SSL" button under Verify Connections.
7) Assuming the test was successful, change the IBM i connection object to default to SSL connectivity. To do so, open an Administrator-level CMD prompt and execute :
C:\> cwbcfg /host <the name or IP address of the IBM i used in step 2> /ssl 1 /r
Finally, configure your data connection to the IBM i. For most data provider connections (OLE DB, ODBC, .Net) you should now see traffic utilizing the SSL database host server port 9471.
Alternate option which assumes both the ACS Windows Application Package AND the java base ACS package are installed:
If you have already configured SSL with 5250 or some other function in the ACS base (java) package, administrators can go to the "Tools" drop down menu and select "Key Management". The following window will show Trusted Certificates.
Highlight the desired trusted certificate and click on the "Push to Windows..." button.
This will make the certificate available for Windows-native functions such as ODBC.
Related Information