IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1

Keystore management and populating certificates

You do not have to use the following commands unless you want to create unique certificates with a new storepass and keypass. You can run keystore management on the managing server and the data collector. These commands will populate a new store with those certificates.

There are 3 stores used by ITCAM for Application Diagnostics:

...where...

Run...

cd java/bin directory 
keytool -genkey 
        -alias alias_name 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass keypass 
        -keystore ./storename 
        -storepass storepass 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"


Create stores and certificates

Replace "CyaneaMgmtStore", "CyaneaDCStore", and "CyaneaProxyStore" with your custom store names.

keytool -genkey 
        -alias mgmttomgmt 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaMgmtStore 
        -storepass foo2 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool 
        -genkey 
        -alias dctomgmt 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaMgmtStore 
        -storepass foo2 
  
        -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey 
        -alias proxytomgmt 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaMgmtStore 
        -storepass foo2 
        -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias proxytodc 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaDCStore 
        -storepass foo2 
        -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias mgmttodc 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaDCStore 
        -storepass foo2 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias mgmttoproxy 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaProxyStore 
        -storepass foo2 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias dctoproxy 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaProxyStore 
        -storepass foo2 
        -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"


Extract Certificates

When you have created the three 3 Stores, extract the certificates...

  1. Extract all certificates from CyaneaMgmtStore:
    keytool -export 
            -alias mgmttomgmt 
            -keypass foo1 
            -keystore ./CyaneaMgmtStore 
            -storepass foo2 
            -file mgmttomgmt.cer
    
    keytool -export 
            -alias dctomgmt 
            -keypass foo1 
            -keystore ./CyaneaMgmtStore 
            -storepass foo2 
            -file dctomgmt.cer
    
    keytool -export 
            -alias proxytomgmt 
            -keypass foo1 
            -keystore ./CyaneaMgmtStore 
            -storepass foo2 
            -file proxytomgmt.cer

  2. Extract all certificates from CyaneaDCStore:
    keytool -export 
            -alias proxytodc 
            -keypass foo1 
            -keystore ./CyaneaDCStore 
            -storepass foo2 
            -file proxytodc.cer
    
    keytool -export 
            -alias mgmttodc 
            -keypass foo1 
            -keystore ./CyaneaDCStore 
            -storepass foo2 
            -file mgmttodc.cer

  3. Extract all certificates from CyaneaProxyStore:
    keytool -export 
            -alias mgmttoproxy 
            -keypass foo1 
            -keystore ./CyaneaProxyStore 
            -storepass foo2 
            -file mgmttoproxy.cer
    
    keytool -export 
            -alias dctoproxy 
            -keypass foo1 
            -keystore ./CyaneaProxyStore 
            -storepass foo2 
            -file dctoproxy.cer
    

When you have extracted your files, copy the following certificates and Stores to the following locations:

MS_home/etc:CyaneaMgmtStore mgmttoproxy.cer mgmttomgmt.cer mgmttodc.cer

DC_home/itcamdc/etc:CyaneaDCStore CyaneaProxyStore proxytomgmt.cerproxytodc.cerdctoproxy.cer dctomgmt.cer


Parent topic:

Node Authentication