Tuesday, October 6, 2015

TSM OC. Replacing the self-signed certificate with an official one


  1. You need the server certificate with its private key, plus the root and intermediate certificates, in a PFX file.
  2. Copy this PFX file to the server with Tivoli Operation Center.
  3. Log in to the GUI of the server where Tivoli Operation Center is installed.
  4. Start a bash terminal.
  5. You need root access for these actions.
  6. Stop the Tivoli Operation Center service:
    service opscenter.rc stop
  7. Run the ikeyman utility. This utility requires a GUI.
    <installation_dir>/ui/jre/bin/ikeyman
    <installation_dir> - the full path to the directory in which Tivoli Operation Center is installed. By default this is /opt/tivoli/tsm/
  8. Click Key Database File > Open.
    • Key database type - JKS
    • Click "Browse..." and go to the following directory:
      <installation_dir>/ui/Liberty/usr/servers/guiServer
    • In the guiServer directory, select the gui-truststore.jks file.
    • Click "Open", and click "OK".
  9. Enter the password for the truststore file, and click "OK".
  10. If you lost the password for the truststore file, you can reset it. See Resetting the password for the Operations Center truststore file.
    You should reset the password for the truststore file before importing new certificates.
  11. In the Key database content area of the IBM Key Management window, click the arrow, and select Personal Certificates from the list.
  12. Click "Export/Import".
    • Select Import Key.
    • Key file type - PKCS12
    • Click "Browse..." and select the PFX file with the new server certificates.
    • Click "OK", enter the password for the PFX file, and click "OK".
    • The Select from Key Label List window appears.
    • In this window, select all labels with Ctrl+LeftClick and click "OK".
    • In the Change Labels window you can change the labels of the imported certificates; then click "OK".
  13. The root and intermediate certificates will be imported to "Signer Certificates", and the server certificate to "Personal Certificates".
  14. In "Personal Certificates", delete the "default" certificate. This is the auto-generated self-signed certificate for Tivoli Operation Center.
  15. Rename the imported server certificate to "default".
  16. Close iKeyman.
  17. Start the Tivoli Operation Center service:
    service opscenter.rc start
  18. Check in a browser that Tivoli Operation Center uses the imported server certificate.
Links: Configuring for SSL communication between the Operations Center and the hub server
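
An added example, not part of the original post: a shell function that reads a `keytool -list` listing of gui-truststore.jks and confirms the result of steps 12 to 15 before the service is started again in step 17. Listing the truststore with keytool, the function name and both sample listings are assumptions made for this example; the listings are constructed.

```shell
# Added example. Assumption: the listing is produced with a JDK/JRE keytool, e.g.
#   keytool -list -keystore <installation_dir>/ui/Liberty/usr/servers/guiServer/gui-truststore.jks
# Entry lines look like "alias, <date>, <EntryType>, "; the date may contain a comma.

check_truststore_listing() {
    # Reads a keytool listing on stdin, prints a summary and returns:
    #   0 = "default" is a PrivateKeyEntry and at least one signer certificate exists
    #   1 = "default" is missing or is not a private-key entry (step 15 not done)
    #   2 = no trustedCertEntry found (root/intermediate chain not imported)
    awk '
        /PrivateKeyEntry,[ \t]*$/ || /trustedCertEntry,[ \t]*$/ {
            alias = $0; sub(/,.*/, "", alias)      # text before the first comma
            if ($0 ~ /PrivateKeyEntry/) { keys++; if (alias == "default") ok = 1 }
            else signers++
        }
        END {
            printf "private-key entries: %d, signer certificates: %d\n", keys, signers
            if (!ok) exit 1
            if (signers == 0) exit 2
            exit 0
        }'
}

# Constructed sample listings (fingerprints replaced by placeholders).
GOOD_LISTING='Keystore type: jks

Your keystore contains 3 entries

example root ca, Oct 6, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
example intermediate ca, Oct 6, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
default, Oct 6, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): <placeholder>'

# Same import, but the server certificate was left under its imported label.
BAD_LISTING='Keystore type: jks

Your keystore contains 2 entries

example root ca, Oct 6, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
oc.example.com, Oct 6, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): <placeholder>'

printf '%s\n' "$GOOD_LISTING" | check_truststore_listing
printf '%s\n' "$BAD_LISTING" | check_truststore_listing || echo "not ready: exit $?"
```

A non-zero result means iKeyman should be reopened to finish step 13 or step 15 before the service is started.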
