IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1
Script to run if your SSL certificates have expired
All SSL certificates have an expiration time. For some certificates, the expiration time is 4 years, after which the product will not function if you have enabled Node Authentication and SSL. If this is the case, to increase the expiration time:
- Open the script located at MS_home/bin/security_cert.sh with a text editor. This is the content of the script:

    #!/bin/sh
    # (C) Copyright IBM Corp. 2005 All Rights Reserved.
    #
    # US Government Users Restricted Rights - Use, duplication or
    # disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
    #
    # Note: This script requires $JDK_HOME to be defined and it requires
    # JDK_HOME/bin/keytool to be present. This keytool is available in FULL JDK
    # versions and may not be available in JRE versions of the install

    # PLEASE DEFINE JDK HOME
    JDK_HOME=/opt/IBM/WebSphere/AppServer6/java
    PATH=${JDK_HOME}/bin:$PATH

    # This script generates ALL the certificates and certificate stores required for
    # ITCAMfWAS Product (DC/MS/Port Consolidator). Currently it populates
    # certificates with validity of 7000 days. If you feel its too high replace
    # validity period to a lower number according to your needs. Please Note: once
    # limit is reached, Product will stop working when NodeAuthentication/SSL is ON
    # Its your responsibility to re-generate the certificates and stores.
    # Please replace ALL the certificates at DC, MS and PortCosolidator level.
    # Partial replacement will NOT work

    keytool -genkey -alias mgmttomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
    keytool -genkey -alias dctomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
    keytool -genkey -alias proxytomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
    keytool -genkey -alias proxytodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass oakland94612 -keystore ./CyaneaDCStore -storepass oakland94612 -dname "cn=cyaneaproxy, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
    keytool -genkey -alias mgmttodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass oakland94612 -keystore ./CyaneaDCStore -storepass oakland94612 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
    keytool -genkey -alias mgmttoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass oakland94612 -keystore ./CyaneaProxyStore -storepass oakland94612 -dname "cn=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"
    keytool -genkey -alias dctoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 7000 -keypass oakland94612 -keystore ./CyaneaProxyStore -storepass oakland94612 -dname "cn=cyaneadc, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US"

    keytool -export -alias mgmttomgmt -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -file mgmttomgmt.cer
    keytool -export -alias dctomgmt -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -file dctomgmt.cer
    keytool -export -alias proxytomgmt -keypass cyanea94612 -keystore ./CyaneaMgmtStore -storepass cyanea94612 -file proxytomgmt.cer
    keytool -export -alias proxytodc -keypass oakland94612 -keystore ./CyaneaDCStore -storepass oakland94612 -file proxytodc.cer
    keytool -export -alias mgmttodc -keypass oakland94612 -keystore ./CyaneaDCStore -storepass oakland94612 -file mgmttodc.cer
    keytool -export -alias mgmttoproxy -keypass oakland94612 -keystore ./CyaneaProxyStore -storepass oakland94612 -file mgmttoproxy.cer
    keytool -export -alias dctoproxy -keypass oakland94612 -keystore ./CyaneaProxyStore -storepass oakland94612 -file dctoproxy.cer

    cp ./CyaneaMgmtStore ./CyaneaMgmtStore_Comm
    cp ./CyaneaDCStore ./CyaneaDCStore_Comm
    cp ./CyaneaProxyStore ./CyaneaProxyStore_Comm

    keytool -keystore ./CyaneaMgmtStore_Comm -storepass cyanea94612 -import -alias mgmttodc -file ./mgmttodc.cer
    keytool -keystore ./CyaneaMgmtStore_Comm -storepass cyanea94612 -import -alias mgmttoproxy -file ./mgmttoproxy.cer
    keytool -keystore ./CyaneaDCStore_Comm -storepass oakland94612 -import -alias dctomgmt -file ./dctomgmt.cer
    keytool -keystore ./CyaneaDCStore_Comm -storepass oakland94612 -import -alias dctoproxy -file ./dctoproxy.cer
    keytool -keystore ./CyaneaProxyStore_Comm -storepass oakland94612 -import -alias proxytodc -file ./proxytodc.cer
    keytool -keystore ./CyaneaProxyStore_Comm -storepass oakland94612 -import -alias proxytomgmt -file ./proxytomgmt.cer

- Specify the path for the location of the Java home directory for the JDK_HOME parameter. For example,

    JDK_HOME=D:\IBM\AppServer\java

- If the increase in expiration time to 20 years (7000 days) is too much, modify the script. Change the value of -validity 7000 to a lower number of days, in all instances it occurs in the script. For example, change all instances of -validity 7000 to -validity 3500.
- Save the changes and run the script.
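
To confirm the result of the procedure above, or to catch the next expiry before the product stops working, the certificates in each store can be checked for days remaining. The following is an added example, not part of IBM's script or documentation: it assumes the English-locale `keytool -list -v` line format (`Alias name:` and `Valid from: ... until: ...`), and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes the English-locale output of
# `keytool -list -v` ("Alias name:" and "Valid from: ... until: ..." lines).

# cert_expiry_report TODAY(YYYY-MM-DD) [WARN_DAYS]: reads a listing on stdin,
# prints "alias days_left STATUS"; exit status 1 if any entry is not OK.
cert_expiry_report() {
  awk -v today="$1" -v warn="${2:-90}" '
    # Days since 1970-01-01 for a Gregorian calendar date.
    function days(y, m, d,    era, yoe, doy) {
      if (m <= 2) y--
      era = int(y / 400); yoe = y - era * 400
      doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
      return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon, " ")
      for (i = 1; i <= n; i++) num[mon[i]] = i
      split(today, t, "-"); now = days(t[1] + 0, t[2] + 0, t[3] + 0)
    }
    /^Alias name:/ { alias = $3 }
    /^Valid from:/ {
      # The expiry date is the last six fields: Dow Mon DD HH:MM:SS TZ YYYY
      mm = (NF >= 8) ? num[$(NF - 4)] : 0
      if (!mm) { print alias, "?", "UNPARSED"; bad = 1; next }
      left = days($NF + 0, mm, $(NF - 3) + 0) - now
      status = "OK"
      if (left < 0) status = "EXPIRED"
      else if (left <= warn + 0) status = "EXPIRING"
      if (status != "OK") bad = 1
      print alias, left, status
    }
    END { exit bad + 0 }
  '
}

# Constructed sample listing (dates invented for illustration).
sample_listing() {
  cat <<'EOF'
Alias name: mgmttomgmt
Owner: CN=cyaneamgmt, OU=CyaneaComp, O=Cyanea, L=Oakland, ST=CA, C=US
Valid from: Mon Jan 03 10:00:00 PST 2005 until: Fri Jan 02 10:00:00 PST 2009
Alias name: dctomgmt
Valid from: Mon Jan 05 10:00:00 PST 2009 until: Mon Mar 06 10:00:00 PST 2028
Alias name: proxytomgmt
Valid from: Fri Mar 11 10:00:00 PST 2005 until: Tue Mar 10 11:00:00 PDT 2009
EOF
}

sample_listing | cert_expiry_report 2009-01-10 90 || true
```

Against a real store, pipe the listing in and pass the current date, for example `keytool -list -v -keystore ./CyaneaMgmtStore | cert_expiry_report "$(date +%Y-%m-%d)" 90`, and repeat for every store on the DC, MS and Port Consolidator.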