This article covers the creation of a certificate request, importing the certificate authority chain, receiving the new certificate, enabling SSL, and disabling non-SSL access to the TEPS.
Assumptions/Defaults for the purposes of this article
- <ITMHome> = /opt/IBM/ITM or C:\IBM\ITM
- JAVA_HOME = <ITMHome>/java/java50/jre
- Use all defaults where possible.
- Keystore = <ITMHome>/keyfiles/keyfile.kdb
- Key database type = CMS
- Common Name should always be the FQDN or the DNS name of the host; the label can be anything. For the purposes of this article we will use teps.guardianms.com for both.
- Keysize = 2048
Create the Certificate Request
- Open a command prompt
- <ITMHOME>\InstallITM\GetJavaHome.bat
- Use the path given to set JAVA_HOME
- Set JAVA_HOME=C:\IBM\ITM\java\java50\jre
- <ITMHOME>\GSK7\bin\gsk7ikm.exe
- Select Key Database File from the menu and then open.
- Select CMS for type
- Default Filename should be keyfile.kdb
- Default Location should be <ITMHOME>\keyfiles\
- Default PW is IBM61TIV
- Select Create from the menu then new certificate request
- Enter a label for the certificate, e.g. teps.guardianms.com
- Keysize should be 2048
- Common Name must be the FQDN, e.g. teps.guardianms.com
- Enter your Organizational information (optional, but lets users know you are the owner)
- Choose where you would like to create a copy of the request; it can be anywhere you can access it.
- Click OK
- Open the saved request and forward it to your CA Server per your CA’s directions.
Import the CA Chain Certificates
- Open a command prompt
- <ITMHOME>\InstallITM\GetJavaHome.bat
- Use the path given to set JAVA_HOME
- Set JAVA_HOME=C:\IBM\ITM\java\java50\jre
- <ITMHOME>\GSK7\bin\gsk7ikm.exe
- Select Key Database File from the menu and then open.
- Select CMS for type
- Default Filename should be keyfile.kdb
- Default Location should be <ITMHOME>\keyfiles\
- Default PW is IBM61TIV
- Select Signer Certificates from the Key database content box
- Click Add
- Note: Signer Certificates may need to go in order. If the first one doesn’t work, try the other, then retry the first.
- Data Type will be Base64-encoded ASCII data
- Browse and find the file containing the CA Signed Certificate
- Click OK
- Repeat steps 11-14 as needed.
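The note above says signer certificates may need to go in order. The Python script below is an added example, not part of the original article or of any IBM tooling: it reads the Base64 CA certificate files and prints them root first, with each intermediate after the CA that issued it, so they can be added in that sequence. It assumes issuer and subject names match byte for byte, does not verify signatures, and the file names in the usage comment are hypothetical.

```python
import base64, re, sys

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos=0):
    """Read one DER element at pos: (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject names of one X.509 certificate."""
    tbs = _tlv(_tlv(der)[1])[1]  # Certificate -> tbsCertificate
    fields, pos = [], 0
    while pos < len(tbs) and len(fields) < 6:
        tag, value, pos = _tlv(tbs, pos)
        fields.append((tag, value))
    if fields[0][0] == 0xA0:  # optional [0] version field
        fields.pop(0)
    # remaining order: serial, signature algorithm, issuer, validity, subject
    return fields[2][1], fields[4][1]

def load_pem(text):
    """Decode every Base64 (PEM) certificate found in text to DER bytes."""
    return [base64.b64decode(body) for body in PEM.findall(text)]

def import_order(certs):
    """certs: list of (label, der). Return labels root first, issuers before issued."""
    pending = [(label, *issuer_and_subject(der)) for label, der in certs]
    ordered, known = [], set()
    while pending:
        # ready = self-signed root, or issued by a CA already placed in the order
        ready = [c for c in pending if c[1] == c[2] or c[1] in known]
        if not ready:
            raise ValueError("issuing CA missing for: " + ", ".join(c[0] for c in pending))
        for c in ready:
            ordered.append(c[0])
            known.add(c[2])
            pending.remove(c)
    return ordered

if __name__ == "__main__":  # usage: python chain_order.py root.cer intermediate.cer
    certs = []
    for path in sys.argv[1:]:
        with open(path) as fh:
            certs += [(path, der) for der in load_pem(fh.read())]
    print("\n".join(import_order(certs)))
```

A ValueError here means the set of files is missing a CA certificate that issued one of the others, which is worth resolving with the CA before retrying the Add step.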
Receive the Certificate
- Open a command prompt
- <ITMHOME>\InstallITM\GetJavaHome.bat
- Use the path given to set JAVA_HOME
- Set JAVA_HOME=C:\IBM\ITM\java\java50\jre
- <ITMHOME>\GSK7\bin\gsk7ikm.exe
- Select Key Database File from the menu and then open.
- Select CMS for type
- Default Filename should be keyfile.kdb
- Default Location should be <ITMHOME>\keyfiles\
- Default PW is IBM61TIV
- Click Receive
- Data Type will be Base64-encoded ASCII data
- Browse and find the file containing the CA Signed Certificate
- Click Yes.