Importing a Certificate Authority Chain Certificate into Tivoli Integrated Portal

The following steps will describe the process for importing Certificate Authority Chain Certificates on the Tivoli Integrated Portal (TIP) 2.2 for Impact or OMNIbus.  This may work with other versions of TIP as well, but I have only tried it on TIP 2.2. 

Before this step you will need to:

1. Generate a Certificate Request on TIP 2.2.
2. Import CA Signed Certificates into TIP 2.2.

After this step you will need to:

1. Replace the default SSL certificate for your Portal.

Import the Certificate Authority Chain Certificate:

1. Copy the certificate to the server.  For this example we’ll put it in /tmp and call it mycacert.p12 (most CAs will have multiple certificates, repeat steps 1 and 5- for each CA Certificate).
2. Log into the TIP Administrative Console.  By default this is https://<myhost>:16316/ibm/console.  Alternatively, you can log into TIP and go to settings > Websphere Administrative Console > Launch Websphere administrative console.
3. Expand Security and click on SSL certificate and key management.
4. Click on Manage endpoint security configurations.
5. Click on your Inbound Node, in this case, Inbound > TIPCell > nodes > TIPNode(NodeDefaultSSLSettings.null).
6. Click on Key stores and certificates.
7. Click on NodeDefaultTrustStore or create your own TrustStore.
8. Click on Signer Certificates.
9. Click Add.
10. Give your CA Certificate an Alias.  i.e. CACert1
11. Enter the path and filename to the cert you uploaded to the server.  i.e. /tmp/mycacert.p12
12. Click Apply.
13. Click Save.