IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Securing communications > Configure TLS/SSL communication with the Authorization Policy Server

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Use the WebSphere generated certificates to configure TLS/SSL for the Authorization Policy Server

During the installation of the WebSphere Application Server used by the Authorization Policy Server and Dashboard Application Services Hub, a public signer certificate and a default private signed certificate are generated. You can use these certificates for TLS/SSL communication by extracting the public signer certificate.


Procedure

  1. Log into the WebSphere Administrative Console for the Authorization Policy Server and Dashboard Application Services Hub.

    1. Enter the following URL in your Internet Explorer or Firefox browser: https://hostname:16311/ibm/console.

      If your environment was configured with a port number other than the default, enter that number instead. The default path to the server is /ibm/console. However, this path is configurable, and might differ from the default in your environment.

    2. Enter the Dashboard Application Services Hub administrative user ID and password then click Go.

      The user ID must be assigned the administrator and iscadmins roles.

    3. In the Console Settings area click on WebSphere Administrative Console and then click the Launch WebSphere administrative console button.

  2. Select Security → SSL certificate and key management.

  3. In the Related Items area, click the Key stores and certificates link and in the table click the NodeDefaultTrustStore link.

  4. In the Additional Properties area, click the Signer certificates link and in the table that is displayed, select the root entry check box.

  5. Click Extract and in the page that is displayed, in the File name field, enter a certificate file name. For example, C:\policyauthcerts\PolicyAuthServerSignerCert.arm.

  6. From the Data type list select the Base64-encoded ASCII data option and click OK.


What to do next

The extracted public signer certificate can now be distributed to the portal server and tivcmd CLI> Command-Line Interface for Authorization Policy computers for importing.


Parent topic:

Configure TLS/SSL communication with the Authorization Policy Server

+

Search Tips   |   Advanced Search