Easycom can accept client certificates for two purposes:
• Additional security of the network. The server can give access only to clients that have a valid certificate.
• Use the client certificate to assign the OS/400 user to use. The client certificate subject can be used to define the OS/400 username, or the EIM database can be used for this.
The client certificate must be valid for the AS/400. The certificate is considered valid if it is issued by one of the CA (Certificate Authority) that are installed on the AS/400, in the *SYSTEM certificate store.
So, the certificate can be issued by the AS/400; in this case the CA is the Local CA.