This section describes how to install a digital certificate that is to be used as a digital signature in InterForm400.
For digital signing of PDF documents or SSL communication, you need a digital certificate.
An X.509 digital certificate with an RSA key length of 2048, packed in a PKCS#12 file, is recommended. We also recommend using a well-known supplier of certificates, such as Digicert, Comodo, Entrust, etc.
First you need to upload the certificate file to the IFS. You can e.g. upload it to /APF3812Home/work, but any directory can be used.
In InterForm400 you now select these options (from the InterForm400 Main Menu) to install the certificate:
80. Administering InterForm400
20. Certificate administration
1. Work with certificates
Here you see a list of the digital certificates that are currently installed in InterForm400:
Work with certificates CER100D
Position to . . . . . . Certificate
Type options, press Enter. 2=Change 3=Copy 4=Delete 5=Display 9=User access
Opt Certificate Description Active to Authority
(No certificates to display)
End F3=Exit F5=Refresh F6=Create F11=View 2 F12=Cancel
Press F6=Create to add a new certificate and you will see the screen below:
Create certificate CER110D
Certificate . . . . . . . TEST
Description . . . . . . . Test User
From stream file . . . . . /APF3812HOME/WORK/MOCES_GYLDIG_2022.P12
Name, *PC
Cert. alias . . . . . . .
Password . . . . . . . . .
Lock to serial number . . Y Y=Yes, N=No
Authority . . . . . . . . *PUBLIC *PUBLIC, User profile
Active period . . . . . . Blank = Validity period
F3=Exit F12=Cancel
The fields on the screen above are:
Certificate
The name of the certificate when it has been imported. This is what you want to name it in InterForm400.
Description
A description of what/who this certificate is for.
From stream file
The stream file (including the path) containing the certificate file (in the IFS - not in QDLS) that you are installing.
Password
The password used when you exported the certificate. The password is hidden. You need to type in the password when importing or changing software signatures/certificates.
Lock to serial number
Tells InterForm400 whether the imported certificate is to follow the APF3812 library. If you say 'Y', the certificate will be encrypted with the serial number of the IBM i and must be reinstalled if you move the InterForm400 installation to another machine in the future. If you use 'N', the certificate will be encrypted but will follow the InterForm400 installation, i.e. if you restore the APF3812 library on another machine, the certificate will still run. For maximum security 'Y' is recommended.
Authority
States where this certificate can be used. *PUBLIC means it can be used for all spooled files. If you state a user profile then spooled files can only be signed with this certificate if the job is running under the same user profile (this is the case for Auto Forms Control jobs).
Active period
The period where this certificate is intended to be used. This can later be extended to the valid period of the certificate. If you set the active period to be shorter than the valid period you will get a message e.g. giving you time to order a new certificate.
A change of 'Authority' or 'Active period' after import requires that the password for the certificate is re-entered. The valid period and stamp data are updated automatically during the install of the certificate as shown below:
Display certificate CER110D
Certificate . . . . . . : TEST
Description . . . . . . : Test
From stream file . . . . : /APF3812HOME/WORK/MOCES_GYLDIG_2022.P12
Name, *PC
Cert. alias . . . . . . :
Password . . . . . . . . :
Lock to serial number . : Y Y=Yes, N=No
Authority . . . . . . . : *PUBLIC *PUBLIC, User profile
Active period . . . . . : 13/12/19 13/12/22 Blank = Validity period
Valid period . . . . . . : 13/12/19 13/12/22
Cert. usage . . . . . . : digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement
Creation user/stamp . . : KSE 08/04/20 15.23.19
Last change user/stamp . : KSE 08/04/20 15.23.19
F3=Exit F12=Cancel
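A way to review the settings of an installed certificate from the fields on the Display certificate screen, as an added example that is not part of InterForm400 or of the original page. It assumes the field lines have been copied into text with one field per line and the on-screen hints removed, that dates are DD/MM/YY, and that digitalSignature is the usage needed for signing; the function names and the 60-day warning threshold are hypothetical.

```python
import re
from datetime import date, datetime

# Constructed sample: one field per line, hint text such as "Y=Yes, N=No" removed.
SAMPLE = """\
Lock to serial number . : Y
Authority . . . . . . . : *PUBLIC
Active period . . . . . : 13/12/19 13/12/22
Valid period . . . . . . : 13/12/19 13/12/22
Cert. usage . . . . . . : digitalSignature, nonRepudiation, keyEncipherment
"""

def parse_screen(text):
    """Turn 'Label . . . : value' lines into a {label: value} dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)[ .]*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def period(value):
    """Parse 'DD/MM/YY DD/MM/YY' (assumed date format) into (start, end)."""
    start, end = (datetime.strptime(p, "%d/%m/%y").date() for p in value.split())
    return start, end

def audit(fields, today, warn_days=60):
    """Return a list of findings for one installed certificate."""
    findings = []
    v_from, v_to = period(fields["Valid period"])
    # A blank active period means the validity period is used.
    a_from, a_to = period(fields.get("Active period") or fields["Valid period"])
    if a_from < v_from or a_to > v_to:
        findings.append("active period lies outside the valid period")
    if today > a_to:
        findings.append("active period has ended")
    elif (a_to - today).days <= warn_days:
        findings.append(f"active period ends in {(a_to - today).days} days")
    if a_to == v_to:
        findings.append("active period not shorter than valid period: no early warning")
    if fields.get("Lock to serial number") != "Y":
        findings.append("not locked to serial number")
    if fields.get("Authority") == "*PUBLIC":
        findings.append("Authority *PUBLIC: usable for all spooled files")
    usage = {u.strip() for u in fields.get("Cert. usage", "").split(",")}
    if "digitalSignature" not in usage:  # assumption: needed for signing
        findings.append("certificate usage lacks digitalSignature")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_screen(SAMPLE), date.today()):
        print("-", finding)
```
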