Topic
  • 8 replies
  • Latest Post - ‏2013-06-21T07:37:30Z by DavidCerezo
17VG_Rafa_Guerrero
17VG_Rafa_Guerrero
4 Posts

Pinned topic XML cert expired

‏2013-06-11T08:47:28Z |

I use a XML file as session token, and my datapower processes must uptate the file every days.

I have a certificate which was expired (datapowerXMLmgmt.cer).

I found this help: http://www-01.ibm.com/support/docview.wss?uid=swg21633306

"- For the XML Management Interface certificate, the instructions are similar but you go to the Control Panel -> Network -> Management -> XML Management Service and click on the Advanced tab."

But this option is only found in default domain. And my objects that use this certificate are in other domain. The referenced tab have the options Custom SSL Proxy Profile --> none and Custom User Agen --> none.

I was tried generate the certificate but the result format isn't .cer.

My firmware version is 3.8.0.7. I know that is a old version but my client doesn't want to update it.

How can I generate a correct certificate to this problem? Is my study correct? Can give me some clue more?

Thanks, Rafa Guerrero

  • Miel
    Miel
    49 Posts

    Re: XML cert expired

    ‏2013-06-11T09:42:28Z  

    Hi Rafa,

                  I was tried generate the certificate but the result format isn't .cer. How can I generate a correct certificate to this problem?

                       U can create a .pem certificate and convert that certificate to .cer format using  open-SSL. below is the command to convert .pem to .cer 

                   "  openssl x509 -inform PEM -in yourCertficate.pem -outform DER -out yourCertificate.cer "

    than upload your .cer certficate .

     

     

  • 17VG_Rafa_Guerrero
    17VG_Rafa_Guerrero
    4 Posts

    Re: XML cert expired

    ‏2013-06-12T11:35:52Z  
    • Miel
    • ‏2013-06-11T09:42:28Z

    Hi Rafa,

                  I was tried generate the certificate but the result format isn't .cer. How can I generate a correct certificate to this problem?

                       U can create a .pem certificate and convert that certificate to .cer format using  open-SSL. below is the command to convert .pem to .cer 

                   "  openssl x509 -inform PEM -in yourCertficate.pem -outform DER -out yourCertificate.cer "

    than upload your .cer certficate .

     

     

    I can convert the certificate now. Thanks. 

    But I think that I don't generate correctly the certificate (.pem). 

    The certificate that I'm trying to generate is for XML Management Interface: http://www-01.ibm.com/support/docview.wss?uid=swg21633306

    I'm trying with Key Tools. 

    Please, How will can I?

  • Miel
    Miel
    49 Posts

    Re: XML cert expired

    ‏2013-06-13T02:55:52Z  

    I can convert the certificate now. Thanks. 

    But I think that I don't generate correctly the certificate (.pem). 

    The certificate that I'm trying to generate is for XML Management Interface: http://www-01.ibm.com/support/docview.wss?uid=swg21633306

    I'm trying with Key Tools. 

    Please, How will can I?

    It look likes you have created the certificate with java key Tool, is it rite?

    I Suggest to create the certificate using datapower Crypto Tools and convert the .pem cert to .cer.

     

  • 17VG_Rafa_Guerrero
    17VG_Rafa_Guerrero
    4 Posts

    Re: XML cert expired

    ‏2013-06-13T08:04:43Z  
    • Miel
    • ‏2013-06-13T02:55:52Z

    It look likes you have created the certificate with java key Tool, is it rite?

    I Suggest to create the certificate using datapower Crypto Tools and convert the .pem cert to .cer.

     

    I did that (create the certificate with Crypto Tools). 
     
     
    But I don't know how I can do. "...added the generated cert to the list of trusted certs..."
     
    I mustn't break nothing and I can't find clear documentation.

     

  • Miel
    Miel
    49 Posts

    Re: XML cert expired

    ‏2013-06-13T08:35:50Z  
    I did that (create the certificate with Crypto Tools). 
     
     
    But I don't know how I can do. "...added the generated cert to the list of trusted certs..."
     
    I mustn't break nothing and I can't find clear documentation.

     

    1st create Custom SSL Proxy Profile for your XML Management Interface.

    In that SSL Proxy profile you have to create or add the existing Crypto Profile, Inside the Crypto profile object , you have to configure "Crypto Validation Credentials".

    In Crypto Validation Credentials you can add the trusted certificate.

    this link will guide you for the same.

    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/topic/com.ibm.dp.xi.doc/multiprotocolgatewaydevelopersguide.xi5072.htm?path=4_3_0_4_11_3#valcred_creatingselectcertificates_task

  • DavidCerezo
    DavidCerezo
    2 Posts

    Re: XML cert expired

    ‏2013-06-19T11:17:43Z  
    • Miel
    • ‏2013-06-13T08:35:50Z

    1st create Custom SSL Proxy Profile for your XML Management Interface.

    In that SSL Proxy profile you have to create or add the existing Crypto Profile, Inside the Crypto profile object , you have to configure "Crypto Validation Credentials".

    In Crypto Validation Credentials you can add the trusted certificate.

    this link will guide you for the same.

    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/topic/com.ibm.dp.xi.doc/multiprotocolgatewaydevelopersguide.xi5072.htm?path=4_3_0_4_11_3#valcred_creatingselectcertificates_task

    1st create Custom SSL Proxy Profile for your XML Management Interface... What domain should I use to create it? Default or the one where I have placed my development?

     

    This link is for the firware 5.0.0, but I have the firware 3.8.0.7. Could you give us the steps for this version?

     

    Thanks in advance,

    David

  • Miel
    Miel
    49 Posts

    Re: XML cert expired

    ‏2013-06-21T05:38:33Z  

    1st create Custom SSL Proxy Profile for your XML Management Interface... What domain should I use to create it? Default or the one where I have placed my development?

     

    This link is for the firware 5.0.0, but I have the firware 3.8.0.7. Could you give us the steps for this version?

     

    Thanks in advance,

    David

    XML management is configured in default domain only. you need to create the SSL profile for the same where it located, it means default domain.

    the same steps follows in firmware 5.0.0 also .

  • DavidCerezo
    DavidCerezo
    2 Posts

    Re: XML cert expired

    ‏2013-06-21T07:37:30Z  
    • Miel
    • ‏2013-06-21T05:38:33Z

    XML management is configured in default domain only. you need to create the SSL profile for the same where it located, it means default domain.

    the same steps follows in firmware 5.0.0 also .

    OK - thx - understood