Create a Self-Signed Certificate with OpenSSL on IBM i

How to Install an SSL Certificate on IBM i

Installing SSL certificates on IBM i can be done effectively using OpenSSL. In this guide, we will walk through generating a private key, creating a certificate signing request (CSR), generating a self-signed certificate, and converting it to PKCS12 format if needed.

Prerequisites:

  • OpenSSL installed on your IBM i system.
  • Access to QP2TERM (PASE for i).

Step 1: Access IBM i PASE (QP2TERM)

To begin, you need to access the QP2TERM terminal, which allows you to execute OpenSSL commands on IBM i. Use the following command to launch the terminal:

CALL QP2TERM

Step 2: Generate a Private Key and CSR (Certificate Signing Request)

To create a new private key and a CSR, you can use either of the following approaches:

Option 1: Generating a Key and Self-Signed Certificate in One Step

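Use this OpenSSL command to generate a 2048-bit RSA private key and a self-signed certificate valid for 365 days in one step. The -nodes option writes the private key unencrypted, so restrict access to key.pem: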

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

Option 2: Separate Key and CSR Generation

Alternatively, you can generate the private key and CSR in separate steps:

  • Generate a private key (password protected):
openssl genrsa -des3 -out server.key 2048
  • Generate a CSR:
openssl req -new -key server.key -out server.csr

Optional: Remove the password from the private key:

  • Make a backup of the original private key:
cp server.key server.key.org
  • Remove the password:
openssl rsa -in server.key.org -out server.key

Step 3: Generate a Self-Signed Certificate

Once the private key and CSR are generated, use them to create a self-signed SSL certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 4: Convert to PKCS12 Format (Optional)

If needed, you can convert the generated certificate and key into a PKCS12 format (.pfx):

openssl pkcs12 -export -out exported.pfx -inkey server.key -in server.crt

Step 5: Use the SSL Certificate on IBM i

After generating the certificate, import it into your IBM i server’s digital certificate manager (DCM) or use it in your web server or other applications.
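Before importing the files, it is worth confirming that they belong together. The following shell functions are an added example, not part of the original guide: they check that server.crt was issued for server.key, that the certificate is not about to expire, and that exported.pfx contains the same certificate. The function names and the PFX_PASS environment variable are hypothetical, and the private key is assumed to be unencrypted (password removed as in the optional step above).

```sh
#!/bin/sh
# Added example: sanity checks for the files produced in Steps 2-4.
# Function names and PFX_PASS are hypothetical, not taken from the guide.
# Assumes the private key file is not password protected.

# Succeeds only if the certificate carries the public key of this private key.
# usage: key_matches_cert server.key server.crt
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Succeeds if the certificate is still valid N days from now.
# usage: cert_valid_for_days server.crt 30
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeeds if the PKCS12 file holds the same certificate (SHA-256 fingerprint).
# The export password is read from the PFX_PASS environment variable so that
# it does not appear in the process list.
# usage: PFX_PASS=... pfx_contains_cert exported.pfx server.crt
pfx_contains_cert() {
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 2
    have=$(openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
           openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Example calls from QP2TERM, in the directory holding the files:
#   key_matches_cert server.key server.crt && echo "key and certificate match"
#   cert_valid_for_days server.crt 30 || echo "certificate expires within 30 days"
```

A non-zero return from key_matches_cert means the key and certificate do not match, or that one of the files could not be read (return code 2).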


Reference

For additional details, visit IBM’s support page on creating self-signed certificates using OpenSSL.



NGINX on IBM i

To start NGINX with the default configuration:

===> /QOpenSys/pkgs/bin/nginx -c /QOpenSys/etc/nginx/nginx.conf

To stop:

===> /QOpenSys/pkgs/bin/nginx -c /QOpenSys/etc/nginx/nginx.conf -s stop

To list processes:

===> ps aux | grep nginx

or

===> ps ax | grep nginx
===> ps -f -u ernest

Sample nginx configuration file:

worker_processes  3;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {
        listen       9010;
        server_name  localhost;

        location / { try_files $uri @er; }
        location @er {
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_param SCRIPT_NAME "";
            fastcgi_pass unix:/tmp/er9010f-fcgi.sock;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /\.ht {
            deny  all;
        }
    }
}

More on ps command: https://www.binarytides.com/linux-ps-command/


Open Source on IBM i

===> /QOpenSys/pkgs/bin/yum install <package>

Add yum (and other packages) to your path if you want to call them directly:

===> PATH=/QOpenSys/pkgs/bin:$PATH
===> export PATH

or, if you want to store it permanently in your profile:

===> echo 'PATH=/QOpenSys/pkgs/bin:$PATH' >> $HOME/.profile
===> echo 'export PATH' >> $HOME/.profile

Some useful yum commands

===> yum list available
===> yum list installed
===> yum list all
===> yum search <package>
===> yum remove <package>

Use rpm for more detailed information about packages. The following commands show when each individual package was updated:

===> rpm -qa --last
===> rpm -q <package> --last

This command lists all installed files for a package:

===> rpm -ql <package>

References:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1022619

https://bitbucket.org/ibmi/opensource/src/master/docs/yum/
