IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1

---

Keystore management and populating certificates

You do not have to use the following commands unless you want to create unique certificates with a new storepass and keypass. You can run keystore management on the managing server and the data collector. These commands will populate a new store with those certificates.

There are 3 stores used by ITCAM for Application Diagnostics:

CyaneaMgmtStore	Run on the managing server
CyaneaDCStore	Run on the data collectors
CyaneaProxyStore	Run on the data collector when you want to enable the data collector port consolidator.

...where...

CyaneaMgmtStore	mgmttomgmt.cer dctomgmt.cer proxytomgmt.cer	cn=cyaneamgmt cn=cyaneadc cn=cyaneaproxy
CyaneaDCStore	proxytodc.cer mgmttodc.cer	cn=cyaneaproxy cn=cyaneamgmt
CyaneaProxyStore	mgmttoproxy.cer dctoproxy.cer	cn=cyaneamgmt cn=cyaneadc

Run...

cd java/bin directory 
keytool -genkey 
        -alias alias_name 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass keypass 
        -keystore ./storename 
        -storepass storepass 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

Create stores and certificates

Replace "CyaneaMgmtStore", "CyaneaDCStore", and "CyaneaProxyStore" with your custom store names.

keytool -genkey 
        -alias mgmttomgmt 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaMgmtStore 
        -storepass foo2 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool 
        -genkey 
        -alias dctomgmt 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaMgmtStore 
        -storepass foo2 
  
        -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
keytool -genkey 
        -alias proxytomgmt 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaMgmtStore 
        -storepass foo2 
        -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias proxytodc 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaDCStore 
        -storepass foo2 
        -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias mgmttodc 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaDCStore 
        -storepass foo2 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias mgmttoproxy 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaProxyStore 
        -storepass foo2 
        -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

keytool -genkey 
        -alias dctoproxy 
        -keyalg RSA 
        -keysize 1024 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass foo1 
        -keystore ./CyaneaProxyStore 
        -storepass foo2 
        -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

Extract Certificates

When you have created the three 3 Stores, extract the certificates...

1. Extract all certificates from CyaneaMgmtStore:

   keytool -export 
           -alias mgmttomgmt 
           -keypass foo1 
           -keystore ./CyaneaMgmtStore 
           -storepass foo2 
           -file mgmttomgmt.cer
   
   keytool -export 
           -alias dctomgmt 
           -keypass foo1 
           -keystore ./CyaneaMgmtStore 
           -storepass foo2 
           -file dctomgmt.cer
   
   keytool -export 
           -alias proxytomgmt 
           -keypass foo1 
           -keystore ./CyaneaMgmtStore 
           -storepass foo2 
           -file proxytomgmt.cer

2. Extract all certificates from CyaneaDCStore:

   keytool -export 
           -alias proxytodc 
           -keypass foo1 
           -keystore ./CyaneaDCStore 
           -storepass foo2 
           -file proxytodc.cer
   
   keytool -export 
           -alias mgmttodc 
           -keypass foo1 
           -keystore ./CyaneaDCStore 
           -storepass foo2 
           -file mgmttodc.cer

3. Extract all certificates from CyaneaProxyStore:

   keytool -export 
           -alias mgmttoproxy 
           -keypass foo1 
           -keystore ./CyaneaProxyStore 
           -storepass foo2 
           -file mgmttoproxy.cer
   
   keytool -export 
           -alias dctoproxy 
           -keypass foo1 
           -keystore ./CyaneaProxyStore 
           -storepass foo2 
           -file dctoproxy.cer
   

When you have extracted your files, copy the following certificates and Stores to the following locations:

MS_home/etc:CyaneaMgmtStore mgmttoproxy.cer mgmttomgmt.cer mgmttodc.cer

DC_home/itcamdc/etc:CyaneaDCStore CyaneaProxyStore proxytomgmt.cerproxytodc.cerdctoproxy.cer dctomgmt.cer

• Configure components to use new keystores and certificates
  

Parent topic:

Node Authentication

---

+

Search Tips   |   Advanced Search