IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1

Script to run if your SSL certificates have expired

All SSL certificates have an expiration time. For some certificates, the expiration time is 4 years, after which the product will not function if you have enabled Node Authentication and SSL. If this is the case, to increase the expiration time:

  1. Open the script located at MS_home/bin/security_cert.sh with a text editor. This is the content of the script:
    #!/bin/sh
    
    # (C) Copyright IBM Corp. 2005  All Rights Reserved.
    #
    # US Government Users Restricted Rights - Use, duplication or
    # disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
    #
    
    # Note: This script requires $JDK_HOME to be defined and it requires
    # JDK_HOME/bin/keytool to be present. This keytool is available in FULL JDK 
    # versions and may not be available in JRE versions of the install
    
    # PLEASE DEFINE JDK HOME
    
    JDK_HOME=/opt/IBM/WebSphere/AppServer6/java
    
    PATH=${JDK_HOME}/bin:$PATH
    
    # This script generates ALL the certificates and certificate stores required for
    # ITCAMfWAS Product (DC/MS/Port Consolidator). Currently it populates
    # certificates with validity of 7000 days. If you feel its too high replace 
    # validity period to a lower number according to your needs. Please Note: once 
    # limit is reached, Product will stop working when NodeAuthentication/SSL is ON
    # Its your responsibility to re-generate the certificates and stores.
    # Please replace ALL the certificates at DC, MS and PortCosolidator level.
    # Partial replacement will NOT work
    
    
    keytool -genkey -alias mgmttomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 \
     -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -dname \
     "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -genkey -alias dctomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 \
     -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -dname \
     "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -genkey -alias proxytomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA \
     -validity 7000 -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 \
     -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -genkey -alias proxytodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA \
     -validity 7000 -keypass oakland94612 -keystore ./CyaneaDCStore -storepass oakland94612 \
     -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -genkey -alias mgmttodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA \
     -validity 7000 -keypass oakland94612 -keystore ./CyaneaDCStore -storepass oakland94612 \
     -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -genkey -alias mgmttoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA \
     -validity 7000 -keypass oakland94612 -keystore ./CyaneaProxyStore -storepass oakland94612 \
     -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -genkey -alias dctoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA \
     -validity 7000 -keypass oakland94612 -keystore ./CyaneaProxyStore -storepass oakland94612 \
     -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -export -alias mgmttomgmt -keypass cyanea94612 -keystore ./CyaneaMgmtStore \
     -storepass cyanea94612 -file mgmttomgmt.cer

    keytool -export -alias dctomgmt -keypass cyanea94612 -keystore ./CyaneaMgmtStore \
     -storepass cyanea94612 -file dctomgmt.cer

    keytool -export -alias proxytomgmt -keypass cyanea94612 -keystore ./CyaneaMgmtStore \
     -storepass cyanea94612 -file proxytomgmt.cer

    keytool -export -alias proxytodc -keypass oakland94612 -keystore ./CyaneaDCStore -storepass \
     oakland94612 -file proxytodc.cer

    keytool -export -alias mgmttodc -keypass oakland94612 -keystore ./CyaneaDCStore -storepass \
     oakland94612 -file mgmttodc.cer

    keytool -export -alias mgmttoproxy -keypass oakland94612 -keystore ./CyaneaProxyStore \
     -storepass oakland94612 -file mgmttoproxy.cer

    keytool -export -alias dctoproxy -keypass oakland94612 -keystore ./CyaneaProxyStore \
     -storepass oakland94612 -file dctoproxy.cer

    cp ./CyaneaMgmtStore ./CyaneaMgmtStore_Comm
    cp ./CyaneaDCStore ./CyaneaDCStore_Comm
    cp ./CyaneaProxyStore ./CyaneaProxyStore_Comm

    keytool -keystore ./CyaneaMgmtStore_Comm -storepass cyanea94612 -import -alias mgmttodc \
     -file ./mgmttodc.cer

    keytool -keystore ./CyaneaMgmtStore_Comm -storepass cyanea94612 -import -alias mgmttoproxy \
     -file ./mgmttoproxy.cer

    keytool -keystore ./CyaneaDCStore_Comm -storepass oakland94612 -import -alias dctomgmt \
     -file ./dctomgmt.cer

    keytool -keystore ./CyaneaDCStore_Comm -storepass oakland94612 -import -alias dctoproxy \
     -file ./dctoproxy.cer

    keytool -keystore ./CyaneaProxyStore_Comm -storepass oakland94612 -import -alias proxytodc \
     -file ./proxytodc.cer

    keytool -keystore ./CyaneaProxyStore_Comm -storepass oakland94612 -import -alias proxytomgmt \
     -file ./proxytomgmt.cer

  2. Specify the path for the location of the Java home directory for the JDK_HOME parameter. For example,
    JDK_HOME=D:\IBM\AppServer\java

  3. If the increase in expiration time to 20 years (7000 days) is too much, modify the script. Change the value of -validity 7000 to a lower number of days in every instance where it occurs in the script. For example, change all instances of -validity 7000 to -validity 3500.

  4. Save the changes and run the script.
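
Because every store has to be replaced together, it helps to confirm which aliases are actually expired before and after running the script. The following is an added example, not part of IBM's script: it reads `keytool -list -v` output and prints each alias whose "until" date is earlier than a cutoff. The function names and the sample listing are constructed, and English month names in the keytool output are assumed.

```shell
#!/bin/sh
# Added example, not part of security_cert.sh.
# expiring_aliases CUTOFF: read `keytool -list -v` text on stdin and print
# "alias YYYYMMDD" for each entry whose "until" date is earlier than CUTOFF
# (also YYYYMMDD). Assumes English month names in the keytool output.
expiring_aliases() {
    awk -v cutoff="$1" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        /^Alias name:/ { alias = $3 }
        /^Valid from:/ {
            # Keep only the text after "until: ", e.g. Mon Mar 07 09:00:00 PST 2044
            sub(/^.*until: /, "")
            k = split($0, f, " ")
            ymd = sprintf("%04d%02d%02d", f[k], mon[f[2]], f[3])
            if (ymd + 0 < cutoff + 0) print alias, ymd
        }'
}

# Constructed sample in the shape of `keytool -list -v` output (trimmed).
sample_listing() {
    cat <<'EOF'
Alias name: mgmttomgmt
Entry type: keyEntry
Owner: CN=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US
Valid from: Mon Jan 06 09:00:00 PST 2025 until: Mon Mar 07 09:00:00 PST 2044
Alias name: dctomgmt
Entry type: keyEntry
Owner: CN=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US
Valid from: Tue Jun 14 09:00:00 PDT 2005 until: Sat Jun 13 09:00:00 PDT 2009
EOF
}

# Offline demo against the sample, with a fixed cutoff of 1 Jan 2026.
sample_listing | expiring_aliases 20260101

# Against a real store, use today's date (or a later one for early warning):
#   keytool -list -v -keystore ./CyaneaMgmtStore -storepass cyanea94612 \
#       | expiring_aliases "$(date +%Y%m%d)"
```

Run the check against each of the Mgmt, DC and Proxy stores, including the `_Comm` copies, since a store left with old certificates counts as a partial replacement.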
