IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Upgrade from a previous installation > Plan your upgrade > Prerequisites for IBM Tivoli Monitoring V6.3 > Tivoli Business Service Manager and Tivoli Enterprise Portal Server integration over SSL

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Ensuring web applications connecting to the embedded HTTP server in the portal server using SSL continue to work after upgrading to V6.3

Before you upgrade to V6.3, you must generate a new pair of keys and sign the IBM Tivoli Monitoring Certificate with the key of your signer if you do not want to use the default self-signed certificates installed by IBM Tivoli Monitoring. You then import the public key certificate of your signer into the truststores of your client applications, before the upgrade to V6.3.

Follow these steps to apply this method and minimize the potential for outages:

  1. For instructions on how to create a new public/private key pair, requesting a certificate signing, and saving the signed certificate, see the IBM Tivoli Monitoring Administrator's Guide.

  2. You must update the truststore of the client with the signer's certificate, if this has not already been done. The instructions in this section are specific to the Tivoli Business Service Manager Charts services for IBM Tivoli Monitoring that is provided with Tivoli Business Service Manager 4.2, 4.2.1 Fix Pack 2.

For the Tivoli Business Service Manager data server:

  1. Log in to the server where the Tivoli Business Service Manager data server is installed.

  2. Change directory to TIP_HOME/bin.

  3. Issue the following command: 

      ./wsadmin.sh ?profileName TBSMProfile ?user tipadmin

  4. When prompted, enter the password for the tipadmin user.

  5. From the wsadmin prompt, issue the following command: 

      $AdminTask retrieveSignerFromPort { -host tepshostname -port 15201 -keyStoreName 
NodeDefaultTrustStore -certificateAlias alias-name }

    Where:

    tepshostname

    Is the hostname of the Tivoli Enterprise Portal Server.

    alias-name

    Is an alias for the certificate in the NodeDefaultTrustStore, for example TEP-IHS.

  6. Save the configuration: 

      wsadmin>$AdminConfig save

  7. Exit the wsadmin prompt: 

      wsadmin>quit

  8. Stop and restart the Tivoli Business Service Manager data server for the changes to take effect.

For the Tivoli Business Service Manager Dashboard server or a Tivoli Integrated Portal server that uses the IBM Tivoli Monitoring charting web service:

  1. Log in to the WebSphere Application Server administrative console.

  2. Expand Security and click SSL certificate and key management.

  3. Click Keystores and certificates.

  4. Click NodeDefaultTrustStore.

  5. Click Signer certificates.

  6. Click Retrieve from port.

  7. Enter the host name of the Tivoli Enterprise Portal Server.

  8. Enter port 15201.

  9. Enter an alias name, for example TEP-IHS.

  10. Click Retrieve signer information.

  11. Click OK.

  12. Stop and restart the Tivoli Business Service Manager dashboard server or Tivoli Integrated Portal server for the changes to take effect.


Parent topic:

Tivoli Business Service Manager and Tivoli Enterprise Portal Server integration over SSL

+

Search Tips   |   Advanced Search