Installing & Renewing SSL on Strategi Webserver
Product: Strategi
Modified Date:

SSL is the strongest encryption available to secure transactions over the internet. Installing SSL on a Strategi webserver is simple. This document assumes that, as a customer, you have submitted all necessary paperwork & payment to use Strategi SSL. It also assumes that you have acquired or know your organization's Dun & Bradstreet D-U-N-S number. It is likely your Accounting Department will know your D&B number.

The steps in this document can also be followed to properly renew your SSL certificate. It is important to renew your certificate in this manner, as it will generate a new private key. Renewal methods that make use of a previous CSR (Certificate Signing Request) will use the previous year's private key, and therefore, incur greater risk that the key will be cracked. If you have already proceeded through a renewal process and received a new certificate without following this procedure, please contact BusinessLink Technical Support staff for help in proceeding.

Preparing Strategi for SSL key

Step 1 - Install SSL Enabling License Key
This step can be skipped if an SSL Enabling License Key has already been installed. If you are renewing, you will generally already have this key installed)
  • Contact BusinessLink Technical Support, who will create a new SSL enabling license key for you.
  • Install the license key.
  • Restart Strategi.

    Step 2 - Enter SSL Required Information
  • (iSeries 400 Command) ADDLIBLE STRATEGI
  • (iSeries 400 Command) GENSGISSL
    WEBSITE(DEFAULT)The name of the Strategi Website definition you are creating a certificate for. In many cases this is DEFAULT
    KEYLEN(1024)In most cases 1024
    HOST(abc.yourdnsname.com)The DNS name of your Strategi site. This must be DNS. If you do not have a DNS name for the IP address that Strategi uses on your iSeries 400, postpone SSL install until a name is acquired.
    NAME(The Company, Ltd.)The name of your Organization
    UNIT(Tech Support)The Department this website will represent
    LOCALITY(City)City Name, or, if more appropriate, County Name
    STATE(State Full Name)The full name of your state or province, for example, "Washington", not "WA"
    COUNTRY(CO)Two Character Country Code. If in doubt, check http://digitalid.verisign.com/ccodes.html.


    Step 3 - Set Proper Authorities to Certificate Zones and SYSTEM Server
  • (iSeries 400 Command) GO STRATEGI/SGI
  • Select "6" for "Work With Websites"
  • Select "12" for "Work with Zones" for the RESOURCES website
  • Select "12" for "Work with Authorities" on the "CERTIFICATE" zone
  • Use F6 to add your user number for *READWRITE authority
  • Return to the command line
  • (iSeries 400 Command) ADDHSMAUT
    SVRNAM(*SYSTEM)
    OPCODE(SSLCSR)
    SETFOR:
        REQUESTOR TYPE:Leave as *USER
        REQUESTOR ID:Replace "N" with your Strategi User number.
    ALWACC(*YES)
  • (iSeries 400 Command) ADDHSMAUT
    SVRNAM(*SYSTEM)
    OPCODE(SSLCTF)
    SETFOR:
        REQUESTOR TYPE:Leave as *USER
        REQUESTOR ID:Replace "N" with your Strategi User number.
    ALWACC(*YES)


    Applying for an SSL Server Certificate

    Step 1 - Acquire a Certificate Request for Strategi Website
  • Go to http://your.ip.address/resources/main.htm
  • Click the "Services Page" link
  • Click the "SSL Certificate Request" link
  • Log in using your Strategi user id
  • Enter your website code (in most cases "DEFAULT")
  • Click the "GET REQUEST" button
  • On the SSL Certificate Request Retrieval Page, select the certificate, selecting from where it says "----BEGIN----" to "----END----".
  • Copy the request to your clipboard.

    Step 2 - Submit Server Certificate Application
  • Open a new browser window.
  • Go to https://www.thawte.com
  • Click on "SSL Certificates" on the side bar
  • Click "Buy"
  • Read up on the various plans offered.
  • Unless you prefer otherwise, click "Buy" for one-year on the "SSL Server Certificate [40-, 56- or 128-bit]". Note: At the time of the last update of this document, Thawte offers several plans, of which the "SSL Server Certificate [40-, 56- or 128-bit]" package is the most viable for the majority of sites. This package will allow 128-bit encryption. Select "SuperCert [128-bit]" only if you must provide 128-bit encryption to international websites.
  • When you get to the "Certificate Signing Request (CSR)" page, paste the contents of your clipboard (which should be the CSR from Strategi) into the large field designated for your CSR.
  • On the same page, you will need to select your "Web Server Software". Select "Other" and type "Strategi by ADVANCED BusinessLink" in the field to the right.
  • The rest of the application is very straightforward. Proceed through until you get through to the screen that tells you your certificate is on the way!
    Note: If purchasing your certificate from Verisign, the type of certificate to choose is Apache.


    Installing and Testing SSL Certificate

    Step 1 - Receive the Certificate
  • Thawte will email you a notification that the certificate is ready, and tell you how to pick it up.
  • Copy the certificate contents to your clipboard Important Note: Your CA may return your certificate in PKCS#7 format
    (indicated by "-----BEGIN PKCS #7 SIGNED DATA-----" at the top of the text).
    This format cannot be installed into Strategi.
    Click here for information on how to export your server certificate out of this file.

    Step 2 - Apply Certificate to Strategi Webserver
  • Go to http://your.ip.address/resources/main.htm
  • Click the "Services Page" link
  • Click the "SSL Certificate Install" link
  • Log in using your Strategi user id
  • Enter your website code (in most cases "DEFAULT")
  • Paste your clipboard contents (should be the certificate) into the "Certificate Data" textarea
  • Click "Install Certificate"

    Step 3 - Add SSL Support and Restart Strategi
  • (iSeries 400 Command) GO STRATEGI/SGI
  • Select "Work with Websites"
  • Do a "2" to edit on your website (in most cases "DEFAULT")
  • If necessary, change "Secure HTTP" from "*NONE" to "*HTTP"
  • Restart Strategi

    Step 4 - Test SSL
  • Go to https://your.dns.address/resources/main.htm
  • A "locked key" should show at the bottom of your browser window. If one does not, discuss this with BusinessLink technical support.
  • Click one of the "Quickstart" buttons.
  • When the applet login window appears, let it sit for a few seconds. The words "Secure Connection" should appear below the passphrase field.

    ** End of Technical Support Bulletin **