IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Configure TLS/SSL communication between the hub monitoring server and the LDAP server

You can configure TLS/SSL communication from the hub monitoring server to an LDAP server to secure requests to authenticate users and groups.

After setting up the LDAP server for TLS/SSL and obtaining its public signer certificate, use the hub monitoring server's GSKit iKeyman utility or command-line interface to set up a new key database of type CMS and a stash file containing the password for the key database. Then import the LDAP server's public signer certificate into the new key database and specify a label name for the certificate. For information on using GSKit, see "Use the GSKit command-line interface to work with key databases and certificates" and "Use the GSKit iKeyman utility to work with key databases and certificates".

Then reconfigure the hub monitoring server to enable LDAP TLS/SSL communication. When reconfiguring the hub monitoring server, you must provide the location of the key database (also called the LDAP key store file), the stash file containing the key database password (also called the LDAP key store stash), the label name for the public signer certificate, and the password of the key database. Also check with the LDAP server administrator to determine whether you should modify the LDAP port value, because the secured port number is typically port 636.
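The key database steps above, as an added shell example that is not part of the IBM documentation: it creates the CMS key database with a stash file, imports the signer certificate under a label, and then checks that neither file is accessible to group or other, because the stash file lets anyone who can read it open the key database. The command name `gsk8capicmd_64`, its options as written here, the `KDB_PW` variable, and the paths and label are assumptions; confirm them against the GSKit version installed with the hub monitoring server.

```shell
#!/bin/sh
# Added example: build the CMS key database for LDAP TLS/SSL and check its file modes.
# Assumptions: GSKCMD names the GSKit 8 CLI on this host; paths and label are placeholders.
GSKCMD="${GSKCMD:-gsk8capicmd_64}"

# build_keystore KDB SIGNER_CERT LABEL  (key database password comes from $KDB_PW)
build_keystore() {
    kdb=$1; cert=$2; label=$3
    [ -n "$KDB_PW" ] || { echo "set KDB_PW first" >&2; return 2; }
    umask 077    # new .kdb/.sth files are created owner-only
    # New CMS key database; -stash writes the password stash file (.sth) beside it.
    "$GSKCMD" -keydb -create -db "$kdb" -pw "$KDB_PW" -type cms -stash || return 1
    # Import the LDAP server's public signer certificate under the chosen label.
    "$GSKCMD" -cert -add -db "$kdb" -stashed -label "$label" \
        -file "$cert" -format ascii || return 1
    # Show what is now trusted, so the label can be confirmed before reconfiguring.
    "$GSKCMD" -cert -list -db "$kdb" -stashed
}

# check_keystore_perms FILE...: fail if any file is missing or open to group/other.
check_keystore_perms() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2; rc=1; continue
        fi
        mode=$(ls -ld "$f" | cut -c5-10)    # group and other permission bits
        if [ "$mode" != "------" ]; then
            echo "too permissive: $f ($mode)" >&2; rc=1
        fi
    done
    return $rc
}

# Usage: KDB_PW=... sh this_script /path/ldap.kdb /path/ldap_signer.arm "LDAP signer"
if [ "$#" -eq 3 ]; then
    build_keystore "$1" "$2" "$3" &&
        check_keystore_perms "$1" "${1%.kdb}.sth"
fi
```

The label passed as the third argument is the value to enter as the certificate label when reconfiguring the hub monitoring server.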

LDAP TLS/SSL requires some actions by an LDAP administrator that are not covered by the Tivoli Monitoring documentation. The following topics in the IBM Security Systems Information Center include information about setting up LDAP servers for TLS/SSL:

