IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1
Keystore management and populating certificates
You do not have to use the following commands unless you want to create unique certificates with a new storepass and keypass. You can run keystore management on the managing server and the data collector. These commands will populate a new store with those certificates.
There are 3 stores used by ITCAM for Application Diagnostics:
CyaneaMgmtStore Run on the managing server CyaneaDCStore Run on the data collectors CyaneaProxyStore Run on the data collector when you want to enable the data collector port consolidator.
...where...
CyaneaMgmtStore mgmttomgmt.cer
dctomgmt.cer
proxytomgmt.cercn=cyaneamgmt
cn=cyaneadc
cn=cyaneaproxyCyaneaDCStore proxytodc.cer
mgmttodc.cercn=cyaneaproxy
cn=cyaneamgmtCyaneaProxyStore mgmttoproxy.cer
dctoproxy.cercn=cyaneamgmt
cn=cyaneadc
Run...
cd java/bin directory keytool -genkey -alias alias_name -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass keypass -keystore ./storename -storepass storepass -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
Create stores and certificates
Replace "CyaneaMgmtStore", "CyaneaDCStore", and "CyaneaProxyStore" with your custom store names.
keytool -genkey -alias mgmttomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaMgmtStore -storepass foo2 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US" keytool -genkey -alias dctomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaMgmtStore -storepass foo2 -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US" keytool -genkey -alias proxytomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaMgmtStore -storepass foo2 -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US" keytool -genkey -alias proxytodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaDCStore -storepass foo2 -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US" keytool -genkey -alias mgmttodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaDCStore -storepass foo2 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US" keytool -genkey -alias mgmttoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaProxyStore -storepass foo2 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US" keytool -genkey -alias dctoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass foo1 -keystore ./CyaneaProxyStore -storepass foo2 -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
Extract Certificates
When you have created the three 3 Stores, extract the certificates...
- Extract all certificates from CyaneaMgmtStore:
keytool -export -alias mgmttomgmt -keypass foo1 -keystore ./CyaneaMgmtStore -storepass foo2 -file mgmttomgmt.cer keytool -export -alias dctomgmt -keypass foo1 -keystore ./CyaneaMgmtStore -storepass foo2 -file dctomgmt.cer keytool -export -alias proxytomgmt -keypass foo1 -keystore ./CyaneaMgmtStore -storepass foo2 -file proxytomgmt.cer- Extract all certificates from CyaneaDCStore:
keytool -export -alias proxytodc -keypass foo1 -keystore ./CyaneaDCStore -storepass foo2 -file proxytodc.cer keytool -export -alias mgmttodc -keypass foo1 -keystore ./CyaneaDCStore -storepass foo2 -file mgmttodc.cer- Extract all certificates from CyaneaProxyStore:
keytool -export -alias mgmttoproxy -keypass foo1 -keystore ./CyaneaProxyStore -storepass foo2 -file mgmttoproxy.cer keytool -export -alias dctoproxy -keypass foo1 -keystore ./CyaneaProxyStore -storepass foo2 -file dctoproxy.cer
When you have extracted your files, copy the following certificates and Stores to the following locations:
MS_home/etc:CyaneaMgmtStore mgmttoproxy.cer mgmttomgmt.cer mgmttodc.cer
DC_home/itcamdc/etc:CyaneaDCStore CyaneaProxyStore proxytomgmt.cerproxytodc.cerdctoproxy.cer dctomgmt.cer
Parent topic:
Node Authentication