Skip to Main Content
IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Workspace IBM i
Categories System Management
Created by Guest
Created on Apr 27, 2020

DCM- Support for Digital Certificate Manager on port 2010

HTTPAdmin server runs securely on port 2010 (unsecure 2001)

New DCM interface is hard-coded to run on port 2001. When implementing secure connection to the HTTPAdmin server to 2010 it breaks the new DCM portal. I had case TS003633830 open with support and they stated this was a design limitation.

Our company is required by our Department of Defense and other contractual obligations, to run all TCP/IP services and applications, in secure mode. Additionally, it is simply and a well-established best practice to run any service on any platform, on a secured port/connection.

Please enhance the new DCM to function properly on port 2010 when the HTTP admin has been configured to do the same.


Use Case:

Cannot use the new Digital Certificate Manager when running HTTPAdmin on the supported secure port. This is a security issue


Idea priority Medium
  • Guest
    Reply
    |
    Sep 25, 2020

    The admin server has been updated to route 2010 to DCM port. Below is the PTF information.

    5770DG1 V7R4M0 SI73900
    5770DG1 V7R3M0 SI73901
    5770DG1 V7R2M0 SI73902

  • Guest
    Reply
    |
    Aug 24, 2020

    The CEAC has reviewed this requirement and recommends that IBM view this as a MEDIUM priority requirement that should be addressed.

    Background: The COMMON Europe Advisory Council (CEAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CEAC has a crucial role in working with IBM i development to help assess the value and impact of individual RFEs on the broader IBM i community and has therefore reviewed your RFE.

    To find out how CEAC help to shape the future of IBM i, see CEAC @ ibm.biz/BdYSYj and the article "The Five Hottest IBM i RFEs Of The Quarter" at ibm.biz/BdYSZT

    Therese Eaton – CEAC Program Manager, IBM

  • Guest
    Reply
    |
    May 12, 2020

    I setup the Admin3 server to run as SSL on port 2007 and can access the new DCM there.

    I also see the support page was updated today with the steps mentioned below: https://www.ibm.com/support/pages/node/6172821

    The only thing missing is the updated link in the Navigator for i "Task page"
    The link still points to :2010/dcm and does not redirect to 2007, like mentioned below.

  • Guest
    Reply
    |
    May 6, 2020

    The New DCM GUI does run under a secure port. You can configure the Admin3 server (which is now where this interface runs) to use a secure port. The default is 2007. Note... the new DCM GUI will not run under port 2010 as that is the default port for the HTTP Admin Server. Once HTTP Admin is configured for a secure port, it should do a re-route to the secure port for the Admin3 server (this reroute is what is missing and what we are looking to add.)

    But, You can access the secure DCM GUI directly using the secure port of 2007 (assuming that the default was used, you can also configure it to use what every port you wish in the Configure SSL wizard)

  • Guest
    Reply
    |
    May 5, 2020

    The ability to secure a connection to DCM is already implemented, but is not using port 2010 like the prior DCM application used.

    When configuring TLS for the legacy DCM application, it was done as part of the HTTP Administration server and ended up running in port 2010. The new DCM runs as part of the Admin3 Liberty server and when a secure connection is configured, it by default runs in secure port 2007 (not 2010).

    To configure TLS for DCM, go the IBM Web Administration for i utility.
    - Select the "Manage" tab.
    - Select the "Application Servers" tab.
    - Select server "Admin3" from the server pull down.
    - Choose "Configure SSL" from the left side pane.

    As you continue through the wizard, you will see that the secure port is 2007 for the secure connection.
    After you have completed the wizard, the Admin3 server needs to be restarted to enable listening on the 2007 secure port.

    Connecting to DCM using a secure HTTPS connection can then be done by specifying the appropriate server and port.
    https://servername.com:2007/dcm

    Does this resolve the RFE since DCM does support a secure connection when configured?