IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Delivered
Workspace IBM i
Categories IBM i Access Family
Created by Guest
Created on Oct 19, 2016

RELATED IDEAS

Centralized Location for cacert file for IBM ACS

IBM Access Client Solutions

Currently, everytime a new Certificate Authority used on the IBM i, Users get a Pop-up asking to Accept the CA. To ease confusion, it would be nice to have a similar capability as in IBM System i Access where the Certificate Store and related files (cwbssldf.kdb, cwbssldf.sth, and cwbssljavaca.jck) are located in a central location on the PC (C:\Users\Public\Documents\IBM\Client Access\"), that way, IT can push add the CA to the cert store (cacerts) and place that file into 1 location on each machine. Currently we have to place it in each user profile on each machine with ACS installed, just in case they ever need to use the system.


Use Case:

Verisign gets purchased by Symantec.

Verisign Intermediate Certificate Authority is Revoke and replaced by Symantec Intermediate Certificate Authority.

IBM i LPAR1 (Production system) certificate expires in 3 weeks

IBM i LPAR2 is a DEV system similar to LPAR1

The Certificate teams processes the new certficiate for LPAR2 and gets the new Intermediate CA and Certificate installed and is assigned to all SERVER applications

IBM i Team connects to LPAR2, gets the Prompts to accept the new CA

IBM i Team copies the update CACERT file and sends it to the Automation Team.

The Automation Team creates an MSI which copies the new CACERT file to the centralized location on each machine where IBM ACS is installed.

The Certificate teams processes the new certficiate for LPAR1 and gets the new Intermediate CA and Certificate installed on LPAR1

1 Week prior to the LPAR1 Certificate expiring, the IBM i Team assigns the certificate to all of the SERVER applications and bounces any services that are not able to dynamically start using the new certificate.

The next time a user makes a new connection, they will receive the new certificate without a pop-up.


Idea priority Low
  • Guest
    Reply
    |     Mar 28, 2022 
    This is supported in the current release.  You may add the the property com.ibm.iaccess.CertFile=<location> to the AcsConfig.properties file.  For example: com.ibm.iaccess.CertFile=/Users/Public/Documents/IBM/Security/cacerts
    http://www-01.ibm.com/support/docview.wss?uid=nas8N1021360

    Documentation will be added to AcsConfig.properties in our next update coming out in July 2017
  • Guest
    Reply
    |     Jun 27, 2017

    This is supported in the current release. You may add the the property com.ibm.iaccess.CertFile= to the AcsConfig.properties file. For example: com.ibm.iaccess.CertFile=/Users/Public/Documents/IBM/Security/cacerts
    http://www-01.ibm.com/support/docview.wss?uid=nas8N1021360

    Documentation will be added to AcsConfig.properties in our next update coming out in July 2017

  • Guest
    Reply
    |     Dec 21, 2016

    It would be even better if IBM made the MSI or other installation file/routine.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.