Creating deployment manager profiles using the Profile Management Tool

You can create a deployment manager profile using the Profile Management Tool.

1. Use one of the following methods to start the Profile Management Tool.
   • Start the tool from the Quick Start console.
   • Run the command installation_root/bin/ProfileManagement/pmt.sh.
2. On the Welcome page, click Launch Profile Management Tool or select the Profile Management Tool tab.
3. On the Profiles tab, click Create.

   The Environment Selection page opens in a separate window.

4. On the Environment Selection page, locate the IBM® Business Process Manager configuration and expand the section. Select the IBM BPM deployment manager profile template and click Next.
5. On the Profile Name and Location page, complete the following steps:
   1. In the Profile name field, specify a unique name or accept the default value. Each profile that you create must have a name. When you have more than one profile, you can tell them apart at their highest level by this name.
   2. In the Profile directory field, enter the directory for the profile or use the Browse button to go to the profile directory. The directory you specify will contain the files that define the runtime environment, such as commands, configuration files, and log files. The default directory is installation_root/profiles/profile_name.
   3. Optional: Select Make this profile the default to make the profile you are creating the default profile. This check box is shown only if you have an existing profile on your system.

      When a profile is the default profile, commands work automatically with it. The first profile that you create on a workstation is the default profile. The default profile is the default target for commands that are issued from the bin directory in the product installation root. When only one profile exists on a workstation, every command operates on that profile. If more than one profile exists, certain commands require that you specify the profile to which the command applies.

   4. Click Next. If you click Back and change the name of the profile, you might have to manually change the name on this page when it is displayed again.
6. On the Node, Host and Cell Names page, complete the following actions for the profile you are creating:
   • In the Node name field, enter a name for the node or accept the default value. Try keeping the node name as short as possible, but ensure that node names are unique within your deployment environment.
   • In the Host name field, enter a name for the host or accept the default value.
   • In the Cell name field, enter a name for the cell or accept the default value.

   Click Next.

7. Required: On the Administrative Security page, enter values for the User name, Password, and Confirm password. The user entered must exist and must have administrative privileges. The Next button is enabled only after you enter the values.

   Click Next.

8. On the Security Certificate (Part 1) page, specify whether to create new certificates or import existing certificates.
   • To create a new default personal certificate and a new root signing certificate, select Create a new default personal certificate and Create a new root signing certificate, and click Next.
   • To import existing certificates, select Import an existing default personal certificate and Import an existing root signing certificate and provide the following information:
     • In the Path field, enter the directory path to the existing certificate.
     • In the Password field, enter the password for the certificate
     • In the Keystore type field, select the keystore type for the certificate you are importing.
     • In the Keystore alias field, select the keystore alias for the certificate you are importing.
     • Click Next to display the Security Certificate (Part 2) page
     When you import a personal certificate as the default personal certificate, import the root certificate that signed the personal certificate. Otherwise, the Profile Management Tool adds the signer of the personal certificate to the trust.p12 file.
9. On the Security Certificate (Part 2) page, verify that the certificate information is correct, and click Next to display the Port Values Assignment page.

   If you create the certificates, you can use the default values or modify them to create new certificates. The default personal certificate is valid for one year by default and is signed by the root signing certificate. The root signing certificate is a self-signed certificate that is valid for 15 years by default. The default keystore password for the root signing certificate is WebAS. Change the password. The password cannot contain any double-byte character set (DBCS) characters because certain keystore types, including PKCS12, do not support these characters. The keystore types that are supported depend on the providers in the java.security file.

   When you create either or both certificates, or import either or both certificates, the keystore files that are created are:

   • key.p12: Contains the default personal certificate.
   • trust.p12: Contains the signer certificate from the default root certificate.
   • root-key.p12: Contains the root signing certificate.
   • default-signers.p12: Contains signer certificates that are added to any new keystore file that you create after the server is installed and running. By default, the default root certificate signer and a DataPower® signer certificate are in this keystore file.
   • deleted.p12: Holds certificates deleted with the deleteKeyStore task so that they can be recovered if needed.
   • ltpa.jceks: Contains server default Lightweight Third-Party Authentication (LTPA) keys that the servers in your environment use to communicate with each other.

   These files all have the same password when you create or import the certificates, which is either the default password, or a password that you specify. An imported certificate is added to the key.p12 file or the root-key.p12 file. If you import any certificates and the certificates do not contain the information that you want, click Back to import another certificate.
10. On the Port Values Assignment page, verify that the ports specified for the profile are unique and click Next. The Profile Management Tool detects ports currently used by other WebSphere® products and displays recommended port values that do not conflict with existing ones. If you have applications other than WebSphere ones that use specified ports, verify that the ports do not conflict.
    Ports are recognized as being in use if the following conditions are satisfied:

    • The ports are assigned to a profile created under an installation performed by the current user.
    • The ports are currently in use.

    Although the tool validates ports when you access the Port Values Assignment page, port conflicts can still occur resulting from selections you make on subsequent Profile Management Tool pages. Ports are not assigned until profile creation completes.
    If you suspect a port conflict, you can investigate it after the profile is created. Determine the ports used during profile creation by examining the following file:

    profile_root/properties/portdef.props

    Included in this file are the keys and values used in setting the ports. If you discover port conflicts, you can reassign ports manually. To reassign ports, see "Updating ports in existing profiles" in the WebSphere Application Server information center. Run the updatePorts.ant file through the ws_ant script detailed in this topic.
11. On the Profile Summary page, review the information. Click Create to create the profile or Back to change the characteristics of the profile.
12. On the Profile Complete page, review the information. To proceed to the Quick Start console, make sure that Launch Quick Start console is selected and click Finish.