Ensuring that Sametime has access to the *SYSTEM certificate store

Assign IBM® Sametime® access to the IBM i *SYSTEM certificate store.

About this task

Sametime must be able to access certificates located in the DCM *SYSTEM certificate store when connecting to an LDAP server using SSL. The DCM *SYSTEM certificate store is located in the /qibm/userdata/icss/cert/server directory on an IBM i server.

QNOTES is an IBM i user profile created by IBM Domino® and used by Sametime. By default, the QNOTES user profile does not have access to the DCM *SYSTEM certificate store or the /qibm/userdata/icss/cert/server directory, although the higher-level directories usually have *PUBLIC *RX authority, which allows QNOTES to access those directories.

Provide Sametime with access to the *SYSTEM certificate store by completing the following steps:

Procedure

  1. Run the following command from any IBM i command line to view the contents of the /qibm/userdata/icss/cert/server directory and verify the name of the certificate store:

    WRKLNK '/QIBM/USERDATA/ICSS/CERT/Server/*'

    By default, the certificate store is named default.kdb and uses "sametime" as the password.

  2. Run the following commands from any IBM i command line to ensure QNOTES has the necessary authority to the DCM *SYSTEM certificate store and associated directory:

    CHGAUT OBJ('/QIBM/USERDATA/ICSS/CERT/Server') USER(QNOTES) DTAAUT(*RX)
    CHGAUT OBJ('/QIBM/USERDATA/ICSS/CERT/Server/DEFAULT.RDB') USER(QNOTES) DTAAUT(*RX)
    CHGAUT OBJ('/QIBM/USERDATA/ICSS/CERT/Server/DEFAULT.KDB') USER(QNOTES) DTAAUT(*RX)

    In this example:

    • QNOTES is the user receiving access
    • default.kdb is the name of the certificate store