IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Use SSL between the portal server and the client
You can choose to encrypt all communication between the portal server and portal client.
IBM Tivoli Monitoring uses two protocols to provide this level of security between the portal server and the portal client:
- Secure Hypertext Transport Protocol (HTTPS) to retrieve files and Interoperable Object Reference (IOR). The integrated browser in the client provides HTTPS support on the client side.
- Internet Inter-ORB Protocol (IIOP) to secure the communications between the portal server and client. This uses the Secure Sockets Layer (SSL) API provided by VisiBroker. This secure communication uses public key cryptography.
When you install IBM Tivoli Monitoring, the Global Security Toolkit (GSKit) and iKeyman utilities are installed by default on all components. These utilities are used to create and manage the encryption of data between components through the use of digital certificates.
Digital certificates are the vehicle that SSL uses for public-key cryptography. Public-key cryptography uses two different cryptographic keys: a private key and a public key. Public-key cryptography is also known as asymmetric cryptography, because you can encrypt information with one key and decrypt it with the complement key from a given public/private key pair.
Public/private key pairs are simply long strings of data that act as keys to a user's encryption scheme. The user keeps the private key in a secure place (for example, encrypted on a computer’s hard drive), and provides the public key to anyone with whom the user wants to communicate. The private key is used to digitally sign all secure communications sent from the user; the public key is used by the recipient to verify the sender’s signature.
Public/private key pairs are validated by a trusted third party, called a Certificate Authority (CA). An example of a CA is Verisign. If you are setting up your own key pairs, you submit them to the CA for validation.
If you intend to use SSL for communication between the Tivoli Enterprise Portal Server and its clients, use the GSKit provided with IBM Tivoli Monitoring to manage certificates and keys. See the IBM Tivoli Monitoring Administrator's Guide for instructions for setting up this encryption.
For additional information about using public/private key pairs, see the iKeyman documentation available at http://publib.boulder.ibm.com/infocenter/javasdk/v5r0/index.jsp?topic=%2Fcom.ibm.java.security.component.doc.50%2Findex.html.
- Enabling and disabling SSL for the Tivoli Enterprise Portal Server
Secure Sockets Layer (SSL) configuration is for CORBA traffic (as opposed to HTTP traffic) that is used between clients and the portal server. The default port for CORBA traffic is 15001. IBM Tivoli Monitoring is shipped with SSL disabled as the default. To use Secure Sockets Layer communication between the portal server and the portal client, use the steps in this section to enable it.
- Disable SSL
If you do not want to use Secure Sockets Layer communication between IBM Tivoli Monitoring components and the Tivoli Enterprise Portal Server, use the steps outlined in this section to disable it.
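One way to confirm from a packet capture whether the CORBA port (default 15001) is carrying SSL-protected IIOP or plaintext IIOP, given that SSL is disabled as shipped. This is an added example, not part of the IBM documentation; the function names and sample payloads are constructed for illustration, and the check relies only on the standard 12-byte GIOP header and 5-byte TLS record header.

```python
import struct

GIOP_TYPES = {0: "Request", 1: "Reply", 2: "CancelRequest", 3: "LocateRequest",
              4: "LocateReply", 5: "CloseConnection", 6: "MessageError", 7: "Fragment"}

def classify_first_bytes(payload: bytes) -> dict:
    """Classify the first bytes a client sends on the CORBA port."""
    # Plaintext IIOP: GIOP header = magic(4) major(1) minor(1) flags(1) type(1) size(4)
    if len(payload) >= 12 and payload[:4] == b"GIOP":
        major, minor, flags, msg_type = payload[4:8]
        # Bit 0 of the flags octet is the byte order (1 = little-endian)
        fmt = "<I" if flags & 1 else ">I"
        (size,) = struct.unpack(fmt, payload[8:12])
        return {"transport": "plaintext-iiop",
                "giop_version": f"{major}.{minor}",
                "message": GIOP_TYPES.get(msg_type, f"unknown({msg_type})"),
                "size": size}
    # SSL/TLS record: content type 22 (handshake), version 3.x, 2-byte length
    if len(payload) >= 5 and payload[0] == 22 and payload[1] == 3:
        (length,) = struct.unpack(">H", payload[3:5])
        return {"transport": "tls",
                "record_version": f"3.{payload[2]}",
                "record_length": length}
    # Anything else (truncated capture, other protocol) is left for manual review
    return {"transport": "unknown"}

def flows_needing_review(flows: dict) -> list:
    """Return the names of flows whose first payload is not an SSL/TLS handshake."""
    return sorted(name for name, data in flows.items()
                  if classify_first_bytes(data)["transport"] != "tls")

# Constructed sample payloads (not taken from a real capture)
PLAINTEXT_SAMPLE = b"GIOP" + bytes([1, 2, 0, 0]) + struct.pack(">I", 100) + b"\x00" * 8
TLS_SAMPLE = bytes([22, 3, 1]) + struct.pack(">H", 512) + bytes([1, 0, 1, 252])

if __name__ == "__main__":
    sample_flows = {"client-a": PLAINTEXT_SAMPLE, "client-b": TLS_SAMPLE}
    for name, data in sample_flows.items():
        print(name, classify_first_bytes(data))
    print("review:", flows_needing_review(sample_flows))
```

A flow reported as `plaintext-iiop` on the CORBA port means client requests to the portal server are readable on the wire and SSL has not been enabled for that connection.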