IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1

Keystore management and populating certificates

You do not have to use the following commands unless you want to create unique certificates with a new storepass and keypass. You can run keystore management on the managing server and the data collector. These commands will populate a new store with those certificates.

For populating all new keystores: there are 3 stores used by ITCAM for Application Diagnostics: CyaneaMgmtStore to run on the managing server, CyaneaDCStore to run on the data collectors, and (distributed platforms only) CyaneaProxyStore to run on the data collector when you want to enable the data collector port consolidator. On other platforms there are 2 stores: CyaneaMgmtStore to run on the managing server and CyaneaDCStore to run on the data collectors.

CyaneaMgmtStore contains: mgmttomgmt.cer (cn=cyaneamgmt), dctomgmt.cer (cn=cyaneadc), and (distributed platforms only) proxytomgmt.cer (cn=cyaneaproxy)

CyaneaDCStore contains: (distributed platforms only) proxytodc.cer (cn=cyaneaproxy) and mgmttodc.cer (cn=cyaneamgmt)

(distributed platforms only) CyaneaProxyStore contains: mgmttoproxy.cer (cn=cyaneamgmt) and dctoproxy.cer (cn=cyaneadc)

Use the following details to create all the necessary stores and certificates:

Replace "oakland1" with your custom keypass and "oakland2" with your custom storepass. Replace "CyaneaMgmtStore", "CyaneaDCStore", and (distributed platforms only) "CyaneaProxyStore" with your custom store names.

keytool -genkey -alias mgmttomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaMgmtStore -storepass oakland2 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey -alias dctomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaMgmtStore -storepass oakland2 -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey -alias proxytomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaMgmtStore -storepass oakland2 -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey -alias proxytodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaDCStore -storepass oakland2 -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey -alias mgmttodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaDCStore -storepass oakland2 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey -alias mgmttoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaProxyStore -storepass oakland2 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey -alias dctoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass oakland1 -keystore ./CyaneaProxyStore -storepass oakland2 -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

Extracting Certificates:

When you have created the 3 stores, extract the certificates by completing the following steps:

  1. Extract all certificates from CyaneaMgmtStore by running the following commands:
    keytool -export -alias mgmttomgmt -keypass oakland1 -keystore ./CyaneaMgmtStore -storepass oakland2 -file mgmttomgmt.cer
    keytool -export -alias dctomgmt -keypass oakland1 -keystore ./CyaneaMgmtStore -storepass oakland2 -file dctomgmt.cer
    keytool -export -alias proxytomgmt -keypass oakland1 -keystore ./CyaneaMgmtStore -storepass oakland2 -file proxytomgmt.cer

  2. Extract all certificates from CyaneaDCStore by running the following commands:
    keytool -export -alias proxytodc -keypass oakland1 -keystore ./CyaneaDCStore -storepass oakland2 -file proxytodc.cer
    keytool -export -alias mgmttodc -keypass oakland1 -keystore ./CyaneaDCStore -storepass oakland2 -file mgmttodc.cer

  3. Extract all certificates from CyaneaProxyStore by running the following commands: (This step is only needed for distributed data collectors.)
    keytool -export -alias mgmttoproxy -keypass oakland1 -keystore ./CyaneaProxyStore -storepass oakland2 -file mgmttoproxy.cer
    keytool -export -alias dctoproxy -keypass oakland1 -keystore ./CyaneaProxyStore -storepass oakland2 -file dctoproxy.cer

When you have extracted your files, copy the following certificates and Stores to the following locations:

MS_home/etc: CyaneaMgmtStore, (distributed platforms only) mgmttoproxy.cer, mgmttomgmt.cer, mgmttodc.cer

DC_home/itcamdc/etc: CyaneaDCStore, (distributed platforms only) CyaneaProxyStore, (distributed platforms only) proxytomgmt.cer, (distributed platforms only) proxytodc.cer, (distributed platforms only) dctoproxy.cer, dctomgmt.cer
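
An added example, not part of the IBM documentation: the generation commands above use -keysize 1024 and -sigalg MD5withRSA, which current JDKs flag as weak or disabled, so stores built this way are worth auditing before they are copied into place. The function below reads `keytool -list -v` output and reports weak signature algorithms, RSA keys under 2048 bits (this example's threshold), and aliases whose CN does not follow the alias-to-CN mapping listed on this page; the function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not IBM's code): audit `keytool -list -v` output for the
# stores built on this page. Assumed usage:
#   keytool -list -v -keystore ./CyaneaMgmtStore -storepass "$STOREPASS" | audit_listing

audit_listing() {
    # Reads keytool -list -v text on stdin, prints one finding per line.
    awk '
        /^Alias name:/ { alias = $3 }
        /^Owner:/ {
            # Page convention: alias "XtoY" carries cn=cyaneaX.
            want = alias; sub(/to.*/, "", want); want = "cyanea" want
            cn = $2; sub(/^[Cc][Nn]=/, "", cn); sub(/,$/, "", cn)
            if (cn != want) print alias ": CN " cn " does not match expected " want
        }
        /^Signature algorithm name:/ {
            if ($4 ~ /^(MD2|MD5|SHA1)with/) print alias ": weak signature algorithm " $4
        }
        /^Subject Public Key Algorithm:/ {
            bits = $5; sub(/-bit$/, "", bits)
            if ($6 == "RSA" && bits + 0 < 2048) print alias ": RSA key is only " bits " bits"
        }
    '
}

sample_listing() {
    # Constructed sample, trimmed to the fields the audit reads. The second
    # entry is a hypothetical regenerated key with a mismatched CN.
    cat <<'EOF'
Alias name: mgmttomgmt
Owner: CN=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: dctomgmt
Owner: CN=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

sample_listing | audit_listing
```

Older JDKs may omit the "Subject Public Key Algorithm" line from the listing, in which case only the signature-algorithm and CN checks produce findings.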

