Create a Self-Signed Certificate with OpenSSL on IBM i

How to Install an SSL Certificate on IBM i

Installing SSL certificates on IBM i can be done effectively using OpenSSL. In this guide, we will walk through generating a private key, creating a certificate signing request (CSR), generating a self-signed certificate, and converting it to PKCS12 format if needed.

Prerequisites:

OpenSSL installed on your IBM i system.
Access to QP2TERM (PASE for i).

Step 1: Access IBM i PASE (QP2TERM)

To begin, you need to access the QP2TERM terminal, which allows you to execute OpenSSL commands on IBM i. Use the following command to launch the terminal:

CALL QP2TERM

Step 2: Generate a Private Key and CSR (Certificate Signing Request)

To create a new private key and a CSR, you can use either of the following approaches:

Option 1: Generating a Key and Self-Signed Certificate in One Step

Use this OpenSSL command to generate a private key and a self-signed certificate in one step:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

Option 2: Separate Key and CSR Generation

Alternatively, you can generate the private key and CSR in separate steps:

Generate a private key (password protected):

openssl genrsa -des3 -out server.key 1024

Generate a CSR:

openssl req -new -key server.key -out server.csr

Optional: Remove the password from the private key:

Make a backup of the original private key:

cp server.key server.key.org

Remove the password:

openssl rsa -in server.key.org -out server.key

Step 3: Generate a Self-Signed Certificate

Once the private key and CSR are generated, use them to create a self-signed SSL certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 4: Convert to PKCS12 Format (Optional)

If needed, you can convert the generated certificate and key into a PKCS12 format (.pfx):

openssl pkcs12 -export -out exported.pfx -inkey server.key -in server.crt

Step 5: Use the SSL Certificate on IBM i

After generating the certificate, import it into your IBM i server’s digital certificate manager (DCM) or use it in your web server or other applications.

Reference

For additional details, visit IBM’s support page on creating self-signed certificates using OpenSSL.

ER April 13, 2021 No Comments IBM i, Open Source, SSL

Protected: Renew wildcard SSL Certificate on CentOS

ER January 27, 2021

Importing/Indexing Database (MySQL or SQL Server) in Solr Using Data Import Handler

Step 1: Install Solr

Download and install Solr from Solr Website. Access Solr admin via http://localhost:8983/solr/.

Step 2: Set Up Connectors

MySQL: Download JDBC driver and place mysql-connector-java-*.jar in contrib/dataimporthandler/lib.
SQL Server: Download Microsoft JDBC driver and copy sqljdbc4.jar to the same directory.

Step 3: Create New Collection

Create a new collection folder like /solr/myproducts/conf. Copy solrconfig.xml and modify to include:

<lib dir="../../contrib/dataimporthandler/lib" regex=".*\.jar" />
<requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
    <lst name="defaults">
        <str name="config">data-config.xml</str>
    </lst>
</requestHandler>

Step 4: Create data-config.xml

For MySQL:

<dataSource type="JdbcDataSource" driver="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/mydb1" user="root" password=""/>
<entity name="product" query="select id, name from products" deltaImportQuery="..." deltaQuery="...">

For SQL Server:

<dataSource type="JdbcDataSource" driver="com.microsoft.sqlserver.jdbc.SQLServerDriver" url="jdbc:sqlserver://servername..." user="sa" password="mypass"/>

Step 5: Edit schema.xml

Add field mappings based on your DB structure:

<field name="id" type="string" indexed="true" stored="true" required="true"/>
<field name="name" type="text_general" indexed="true" stored="true"/>

Step 6: Perform Data Import

Full import: http://localhost:8983/solr/myproducts/dataimport?command=full-import
Delta import: http://localhost:8983/solr/myproducts/dataimport?command=delta-import

References

Solr DataImportHandler Wiki

ER February 26, 2020 No Comments Solr

NGINX on IBM i

To start default configuration:

===> /QOpenSys/pkgs/bin/nginx -c /QOpenSys/etc/nginx/nginx.conf

To stop:

===> /QOpenSys/pkgs/bin/nginx -c /QOpenSys/etc/nginx/nginx.conf -s stop

To list processes:

===> ps aux | grep nginx

===> ps ax | grep nginx
===> ps -f -u ernest

Sample nginx configuration file:

worker_processes  3;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {
        listen       9010;
        server_name  localhost;

        location / { try_files $uri @er; }
		location @er {
		    include fastcgi_params;
		    fastcgi_param PATH_INFO $fastcgi_script_name;
		    fastcgi_param SCRIPT_NAME "";
		    fastcgi_pass unix:/tmp/er9010f-fcgi.sock;
		}

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /\.ht {
            deny  all;
        }
    }
}

More on ps command: https://www.binarytides.com/linux-ps-command/

ER December 12, 2018 No Comments IBM i, NGINX, Open Source

Open Source on IBM i

===> /QOpenSys/pkgs/bin/yum install <package>

Add yum (and other packages) to your path if want to call it directly

===> PATH=/QOpenSys/pkgs/bin:$PATH
===> export PATH

or if you want to store it permanently in your profile

===> echo 'PATH=/QOpenSys/pkgs/bin:$PATH' >> $HOME/.profile
===> export PATH >> $HOME/.profile

Some useful yum commands

===> yum list available
===> yum list installed
===> yum list all
===> yum search <package>
===> yum remove <package>

Use rpm for more detailed info about packages. Following will show when was each individual package updated.

===> rpm -qa --last
===> rpm -q <package> --last

This command will list all installed files for a package

===> rpm -ql <package>

References:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1022619

https://bitbucket.org/ibmi/opensource/src/master/docs/yum/

ER October 24, 2018 No Comments IBM i, Open Source, PASE

Notes from Zend Server 2018 Install

Zend Support Documentation – https://zend18.zendesk.com/hc/en-us/sections/200554323-Zend-Server-for-IBM-i

ER August 23, 2018 No Comments IBM i, Uncategorized, Zend, Zend Server

Install Zend Expressive on IBM i

$ composer create-project zendframework/zend-expressive-skeleton expressive

$ composer require zendframework/zend-db

$ composer require --dev "zendframework/zend-expressive-tooling:^0.4.1"

$ ./vendor/bin/expressive module:create MyModule

./vendor/bin/expressive middleware:create "MyModule\Action\ListModuleAction"

$ composer require tuupola/cors-middleware

$ composer require zendframework/zend-stratigility

ER August 20, 2018 No Comments Uncategorized

WordPress setup

Setup direct updates omitting FTP
```
define('FS_METHOD','direct');
```
Change owner

chown -Rv apache:apache /var/www/wordpress/

Correct permissions for directories and files

find /var/www/wordpress/ -type f -exec chmod 644 {} \;

find /var/www/wordpress/ -type d -exec chmod 755 {} \;

Selinux

chcon -t httpd_sys_rw_content_t /var/www/wordpress/ -R

setbool -P httpd_can_sendmail=1

ER July 7, 2018 No Comments Wordpress

AS/400 Tutorial

http://www.go4as400.com/Content.aspx

ER May 9, 2018 No Comments AS/400, IBM i

Protected: How To Install an SSL Certificate from a Commercial Certificate Authority

ER April 25, 2018