This step is required if you want to use the EIM database to map the certificate to the OS/400 user.
In this case the supplied username must be "*SSL".
Using System i Access, go to "Network"/"Enterprise Identity Mapping"/"Domain Management"/"<your domain>"/"User Registries", and click "Add a new system registry".
Choose a name, and select the "X.509" registry type.
Under "configuration", select properties, and select the X.509 registry just created.
Next, configure the LDAP location for the *SYSTEM store. This links the user certificate creation process to the EIM.
Use Digital Certificate Manager, which is reached at http://my_iseries:2001. Select "Digital Certificate Manager" (on V6R1, select "i5/OS management" and then "Internet configuration" first. Log on as QSECOFR when prompted).
Select "Manage LDAP location", and enter:
LDAP server: fully qualified host name: my_series.mydomain.com
Directory distinguished name (DN): dc=
Use Secure Sockets Layer (SSL): No
Port Number: 389
Login distinguished name (DN): cn=
Password: xxxx (password for LDAP used by EIM).