How to Create a Certificate Request for Tivoli Integrated Portal

The following steps will describe the process for creating a certificate request on the Tivoli Integrated Portal (TIP) 2.2 for Impact or OMNIbus.  This may work with other versions of TIP as well, but I have only tried it on TIP 2.2. 

After this step you will need to:

  1. Import CA Signed Certificates into TIP 2.2.
  2. Import the CA Chain Certificates into TIP 2.2.
  3. Replace the default SSL certificate for your Portal.

Create a Certificate Request:

  1. Log into the TIP Administrative Console.  By default this is https://<myhost>:16316/ibm/console.  Alternatively, you can log into TIP and go to settings > Websphere Administrative Console > Launch Websphere administrative console.
  2. Expand Security and click on SSL certificate and key management.
  3. Click on Key stores and certificates.
  4. Click on a keystore or create a new one.  (For this example we will use NodeDefaultKeyStore)
  5. Click on Personal Certificate Requests.
  6. Click New.
  7. For File Enter: ${CONFIG_ROOT}/cells/TIPCell/nodes/TIPNode/new-cert-request.p12
    1. This will export your request file to: <TIPHOME>/profiles/TIPProfile/config/cells/TIPCell/nodes/TIPNode/new-cert-request.p12
    2. You can enter any file in this field: i.e. /tmp/new-cert-request.txt.
  8. Choose a label.  I usually use the FQDN of the server.
  9. Set your Signature Algorithm and Keysize according to the Certificate Authority.
  10. Enter the common name.  This will typically be the FQDN of the server.
  11. Enter your Organization, Organizational Unit, Locality, State\Province, Zip code, and Country.  These are optional, but can help users to better identify the server, in some organizations or certificate authorities they may require certain values.  Check with your Certificate Authority for more info.
  12. Click Apply.
  13. Click Save.
  14. Download the file you just created in step 7.  The entire contents of that file are your request and can be forwarded to your certificate authority according to their procedures for requesting a certificate.

*You can re-export the request at another time if you lose the original.  The request will usually expire in 90 days.  Here are some instruction on exporting previosly generated certificate request from TIP.

Category: 
Share: 

GuardianMS
Guarding your IT Experience!

Add new comment