IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Securing communications > Configure TLS/SSL communication between the load balancing HTTP Server and each portal server's local HTTP server

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Extracting the portal server's local HTTP server public signer certificate

Extract the portal server's local HTTP server public signer certificate from its trust store using the iKeyman graphical interface.


On the computer system where the portal server is installed, extract the portal server's HTTP server certificate from the keyfile.kdb file.

Alternatively, you can use the gskcmd command-line interface to complete this task. For detailed information on using the gskcmd command-line interface, see Use the GSKit command-line interface to work with key databases and certificates.


Procedure

  1. Start the key management utility (iKeyman) using one of these methods:

    • Click Start > Programs > IBM HTTP Server V8.0 for Tivoli Enterprise Portal Server > Start Key Management Utility.

    • From the command-line run <install_dir>/<interp>/iu/ihs/HTTPServer/bin/ikeyman or change to the <install_dir>/<interp>/iu/ihs/HTTPServer/bin directory and type ikeyman. If you start IKEYMAN to create a new key database file, the utility stores the file in the directory where you start IKEYMAN.

  2. Navigate to the following directory and select the keyfile.kdb to open the file.

    install_dir\keyfiles\

    install_dir/keyfiles

  3. Enter the password to open the file. The default password is IBM61TIV.

  4. From the Key database content drop down list, select Signer Certificates.

  5. Select the trusted root certificate used to sign the IBM HTTP server SSL certificate. By default it is the root certificate. If you requested a new signer certificate from a certificate authority then it is the name that you specified when you added the signer certificate to the key database.

    Tip: If you are not sure which signer certificate is the trusted root certificate, select a certificate and click View / Edit. In the Key information dialog window, check if the Set the certificate as trusted root option is selected.

  6. Click Extract.

  7. Leave the Data Type as Base64-encoded ASCII data and then save the certificate as hostnameITMcert.arm.

  8. Click OK to export the certificate to the file name and directory specified in the previous steps.


Parent topic:

Configure TLS/SSL communication between the load balancing HTTP Server and each portal server's local HTTP server

+

Search Tips   |   Advanced Search