+

Search Tips   |   Advanced Search

Operating Systems: AIX, HP-UX, Linux, Solaris, Windows, z/OS

 

Enabling communication between cells that have security enabled


When two cells have security enabled, such as Lightweight Directory Access Protocol (LDAP), and perform additional steps so that these cells can communicate with each other.

 

Before you begin

You must be able to access the deployment manager for each cell you want to communicate.

 

About this task

You can add a signer certificate the trust.p12 file, allowing that cell to securely communicate with another cell. You edit the trust.p12 file at the cell level for each cell, and then run the bin/retrieveSigners.sh script in each cell. After you run the script, the cells can communicate through Secure Socket Layer (SSL) connections.

 

Procedure

  1. Start the deployment manager for each cell.

  2. On each deployment manager, edit the deployment_manager_profile/properties/ssl.client.props file to change the com.ibm.ssl.trustStore value to the cell-level default trust store.

    For example, change the line com.ibm.ssl.trustStore=${user.root}/etc/trust.p12 to com.ibm.ssl.trustStore=deployment_manager_profile/config/cells/cell_name/trust.p12. Remember the original value. You change this value back to the original value after you run the script.

  3. Run the bin/retrieveSigners.sh script from the first cell, including information for the second cell in the script. For example: 
    retrieveSigners.sh CellDefaultTrustStore ClientDefaultTrustStore -autoAcceptBootstrapSigner -conntype SOAP -port 8879 -host seconddmgr.host.ibm.com

  4. On the first cell, edit the deployment_manager_profile/properties/ssl.client.props file and change the value back to the original com.ibm.ssl.trustStore value.

  5. On the second deployment manager, check the deployment_manager_profile/properties/ssl.client.props file that the com.ibm.ssl.trustStore value is the cell-level default trust store. Run the bin/retrieveSigners.sh script from the second cell, including information for the first cell.

  6. On the second cell, edit the deployment_manager_profile/properties/ssl.client.props file to change back to the original com.ibm.ssl.trustStore value.

  7. Restart all of the cells that you are configuring or ensure that all of the cells have been fully synchronized.

 

Results

The two cells can establish SSL connections with each other.

 

What to do next




Related tasks

Configure WebSphere Virtual Enterprise for cross-cell communication
Configure application placement for cells that share the same nodes