Generate keys and certificates for the secure web server mode
It is not possible for the Installation Manager web server installation kit to contain a signed certificate for the IP address of our computer. Therefore, when we log in to the secure Installation Manager web server, we see an untrusted connection warning. To suppress this warning, we can use our own keystore with a signed certificate.Procedure
- To create a keystore file with a certificate:
keytool -keystore keystore filename -alias jetty -genkey -keyalg RSA
For detailed steps, see Generating Key Pairs and Certificates.
To avoid seeing the untrusted connection warning in the browser, we can obtain a trusted certificate for our keystore file. For detailed steps, see Requesting a_Trusted Certificate. Ensure that you remember the password that we used to create the keystore file.- Save the keystore file on the machine that runs the secure Installation Manager web server. For example, save the file here: c:\data\mykeystore.
- In a text editor, open the ibmim-web.ini file, and then set org.eclipse.equinox.http.jetty.ssl.keystore to point to our keystore file location. Depending on the operating system, the ibmim-web.ini file is in one of the following directories:
install_dir/InstallationManager/eclipse/web
- Ensure that the value in the org.eclipse.equinox.http.jetty.ssl.keypassword property is set to the password that we used to generate the keystore file.
Results
When we run the ibmim-web executable with the -secure parameter, our browser does not warn us about an untrusted connection.Related concepts:
Work from a web browser Multiple browser sessions Related tasks:
Securely start and stop the Installation Manager web server Related reference:
Advanced configurations
Home