IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Securing communications
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Configure TLS/SSL communication between Dashboard Application Services Hub and the dashboard data provider
To use HTTPS, you can configure TLS/SSL communication from Dashboard Application Services Hub to the dashboard data provider in the portal server.
The Dashboard Application Services Hub communicates with the IBM Tivoli Monitoring dashboard data provider using either Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). HTTPS is intended to run on top of Transport Layer Security (TLS) or its predecessor Secure Sockets Layer (SSL). These layers provide encryption using key exchanges.
Roadmap
In order to use HTTPS and its security encryption features, complete the following tasks in the roadmap.
Roadmap for setting up TLS/SSL for the dashboard data provider
Step Description and information provided 1 You have two options for obtaining the public-private key pair used by the portal server:
- Use the default self-signed certificates installed with IBM Tivoli Monitoring. If you choose this option, proceed to step 2.
OR
- Use a digital certificate that has been signed by a certificate authority. In this case, you must create a certificate request and send it to the certificate authority for signing. Once the digital certificate has been signed, you add the certificate authority signer's certificate to the portal server's trust stores, and then add the new digital signature to the portal server's key stores. See Use third party certificate authority signed certificates for the portal server.
2 At each Dashboard Application Services Hub with a connection configured to the portal server's dashboard data provider, add the public signer certificate used by the portal server to the Dashboard Application Services Hub WebSphere trust store. Follow the steps in Configure TLS/SSL communication for the Dashboard Application Services Hub server.
- Use third party certificate authority signed certificates for the portal server
You can use third party certificates to configure TLS/SSL for the dashboard data provider by adding the signer certificate and private digital certificate to the key database managed by GSKit, and to the trust and key stores used by TEPS/e.
- Configure TLS/SSL communication for the Dashboard Application Services Hub server
Add the public signer certificate used by the portal server to the Dashboard Application Services Hub WebSphere trust store to configure TLS/SSL.
Parent topic:
Securing communications