A Single ITCAM Agent for DataPower with Multiple DP appliances with different certificate

Answer

• For DataPower agent v7.1 FP2 and FP3 -

On agent side, we can configure 1 certificate for every DP appliance. And the configuration is only used for agent to import the certificate info cacerts as trusted certificate. When agent is started, it will load the valid certificate from cacerts to connect to DP appliance.

So you need not care the key alias, you only need configure the valid certificate for every DP appliance.

*** For FP2/FP3, you only need configure the certificate as "SSL Proxy Profile" as below

• For DataPower agent v7.1 FP1 (include IF01 and IF02) and earlier version -

Agent can not import the certficate automatically. So we need import the valid certificate via command keytool and provide an alias for every certificate. For different certificate, you can provide different alias.

*** For FP1 or earlier version, you need import the certificates via the command as below

/opt/IBM/ITMCHL/JRE/lx8266/bin/keytool -import -trustcacerts -alias ligitalsso -keystore /opt/IBM/ITMCHL/JRE/lx8266/lib/security/cacerts -storepass changeit -file /NEWSSL-sscert.pem

ligitalsso is alias, and /NEWSSL-sscert.pem is the path of certificate.

You can provide different for different certificate.