1. Tutorials
  2. IBM Tivoli
  3. How to enable SSL\HTTPS and disable HTTP on ITM 6.2.2 TEPS

How to enable SSL\HTTPS and disable HTTP on ITM 6.2.2 TEPS

This article covers the creation of a certificate request, importing the certificate authority chain, receiving the new certificate, enabling SSL, and disabling non-SSL access to the TEPS.

Assumptions\Defaults for the purposes of this article

  1. <ITMHome> = /opt/IBM/ITM or C:\IBM\ITM
  2. JAVA_HOME = <ITMHome>/java/java50/jre
  3. Use all defaults where possible.
  4. Keystore = <ITMHome>/keyfiles/keyfile.kdb
  5. Key database type = CMS
  6. Common Name should always be the FQDN or the DNS name of the host, label can be anything.  For the purposes of this article we will use teps.guardianms.com for both.
  7. Keysize = 2048

Create the Certificate Request

  1. Open a command prompt
  2. <ITMHOME>\InstallITM\GetJavaHome.bat
  3. Use the path given to set JAVA_HOME
    1. Set JAVA_HOME=C:\IBM\ITM\java\java50\jre
  4. <ITMHOME>\GSK7\bin\gsk7ikm.exe
  5. Select Key Database File from the menu and then open.
  6. Select CMS for type
  7. Default Filename should be keyfile.kdb
  8. Default Location should be <ITMHOME>\keyfiles\
  9. Default PW is IBM61TIV
  10. Select Create from the menu then new certificate request
  11. Enter a label for the certificate.  i.e. teps.guardianms.com
  12. Keysize should be 2048
  13. Common Name must be FQDN.  i.e. teps.guardianms.com
  14. Enter your Organizational information (optional, but let’s users know you are the owner)
  15. Choose where you would like to create a copy of the request, can be anywhere you can access it.
  16. Click OK
  17. Open the saved request and forward to your CA Server per your CA’s directions.

Import the CA Chain Certificates

  1. Open a command prompt
  2. <ITMHOME>\InstallITM\GetJavaHome.bat
  3. Use the path given to set JAVA_HOME
    1. Set JAVA_HOME=C:\IBM\ITM\java\java50\jre
  4. <ITMHOME>\GSK7\bin\gsk7ikm.exe
  5. Select Key Database File from the menu and then open.
  6. Select CMS for type
  7. Default Filename should be keyfile.kdb
  8. Default Location should be <ITMHOME>\keyfiles\
  9. Default PW is IBM61TIV
  10. Select Signer Certificates from the Key database content box
  11. Click Add
    1. Note* Signer Certificates may need to go in order.  If the first one doesn’t work, try the other then retry the first.
  12. Data Type will be Base64-encoded ASCII data
  13. Browse and find the file containing the CA Signed Certificate
  14. Click OK
  15. Repeat steps 11-14 as needed.

Receive the Certificate

  1. Open a command prompt
  2. <ITMHOME>\InstallITM\GetJavaHome.bat
  3. Use the path given to set JAVA_HOME
    1. Set JAVA_HOME=C:\IBM\ITM\java\java50\jre
  4. <ITMHOME>\GSK7\bin\gsk7ikm.exe
  5. Select Key Database File from the menu and then open.
  6. Select CMS for type
  7. Default Filename should be keyfile.kdb
  8. Default Location should be <ITMHOME>\keyfiles\
  9. Default PW is IBM61TIV
  10. Click Receive
  11. Data Type will be Base64-encoded ASCII data
  12. Browse and find the file containing the CA Signed Certificate
  13. Click Yes.
Category: 
Share: 

GuardianMS
Guarding your IT Experience!

Add new comment

More information about text formats