Run the SvrSslCfg utility
Run the SvrSslCfg command to configure an SSL connection between Tivoli Access Manager and WAS. SvrSslCfg creates a configuration file, <WebSphere_root>/java/jre.PdPerm.properties, and a Java key store file, which securely stores a client certificate. These two files enable WAS to contact the Tivoli Access Manager server.
SvrSslCfg needs to be run for each machine running WAS. For example, in a network deployment setup, if the deployment manager and a node are installed on the same machine, run SvrSslCfg twice: once for the deployment manager developer kit and again to configure the node developer kit.
- Run <WebSphere_root>\bin\setupCmdLine.bat
- Set the WAS_HOME environment variable to reflect the WAS installation root.
- Run the SvrSslCfg utility:

    CLASSPATH=${WAS_HOME}/java/jre/lib/ext/PD.jar:${WAS_CLASSPATH}
    java -cp ${CLASSPATH} com.tivoli.pd.jcfg.SvrSslCfg \
        -action config \
        -admin_id sec_master \
        -admin_pwd password \
        -appsvr_id wasuser \
        -policysvr tam_policy_server_host:7135:1 \
        -authzsvr tam_authorization_server_host:7136:1 \
        -mode remote \
        -cfg_file configuration_file \
        -key_file key_file \
        -cfg_action create

...where:
- action: Action to be taken; it can be config or unconfig.
- admin_id: Administrator ID for Tivoli Access Manager. Use sec_master.
- admin_pwd: Password for the Tivoli Access Manager administrator.
- appsvr_id: The name that is specified here is combined with the host name to create unique names for Tivoli Access Manager objects created for your application. The following names are reserved for Tivoli Access Manager applications: ivacld, secmgrd, ivnet, and ivweb. This is an ID that is created in the registry. This ID is used by WAS to communicate with Tivoli Access Manager.
- appsvr_pwd: The password for the application server ID (appsvr_id).
- authzsvr: Access to the authorization server, in the format authorization_server_name:port_number:rank
- policysvr: Access to the policy server, in the format policy_server_host_name:port_number:rank
- cfg_action:
  - create: Specifies to create the configuration and key store files during server configuration. Configuration fails if either of these files already exists.
  - replace: Specifies to replace the configuration and key store files during server configuration. Configuration deletes any existing files and replaces them with new ones.
- cfg_file: Specifies the fully-qualified file name.
- key_file: Specifies the directory that will contain the key files for the server. Make sure that the server user (for example, ivmgr) or all users have permission to access the .kdb file.
- host: The hostname for the application server.
- mode: Specifies the mode in which the application operates. This value must be either local or remote.
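
The cfg_action and file-access rules above can be checked from the shell before and after SvrSslCfg runs. The script below is an added example, not part of the original page or of the product; the helper names preflight and audit_perms are hypothetical, and it assumes the paths given are the values passed as -cfg_file and -key_file.

```shell
#!/bin/sh
# Added example; preflight and audit_perms are hypothetical helper names.
# Assumption: the paths given are the values passed as -cfg_file and -key_file.

# preflight ACTION CFG_FILE KEY_FILE
# Mirrors the documented cfg_action rules. Returns 0 if SvrSslCfg can proceed,
# 1 if "create" would fail because a file exists, 2 for an unknown action.
preflight() {
    action=$1; shift
    case $action in
        create|replace) ;;
        *) echo "unknown cfg_action: $action" >&2; return 2 ;;
    esac
    for f in "$@"; do
        if [ -e "$f" ] && [ "$action" = create ]; then
            echo "cfg_action create will fail, already exists: $f" >&2
            return 1
        elif [ -e "$f" ]; then
            echo "cfg_action replace will delete and recreate: $f" >&2
        fi
    done
    return 0
}

# audit_perms PATH...
# Run after SvrSslCfg. Returns 0 if no path (directories are searched
# recursively) grants read, write or execute to "other", 1 if any does,
# 2 if a path is missing. Symbolic links are skipped.
audit_perms() {
    for f in "$@"; do
        if [ ! -e "$f" ]; then echo "missing: $f" >&2; return 2; fi
    done
    loose=$(find "$@" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/accessible to all users: /' >&2
        return 1
    fi
    return 0
}

# Command-line use: sh check.sh preflight create CFG KEY
#                   sh check.sh audit CFG KEY
case ${1:-} in
    preflight) shift; preflight "$@" ;;
    audit)     shift; audit_perms "$@" ;;
esac
```

Files readable only by the server user pass the audit; granting access to all users is reported so that it is a deliberate choice rather than a default.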
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.