IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Exporting the IBM HTTP Server signer certificate

On the computer system where the load balancing IBM HTTP Server is installed, export the public signer certificate from the key database using the iKeyman graphical interface.

About this task

Alternatively, you can use the gskcmd command-line interface to complete this task. For detailed information on using the gskcmd command-line interface, see "Managing keys with the gskcmd command line interface (Distributed systems)" in the WebSphere Application Server Information Center.

Procedure

  1. On the computer system where the load balancing IBM HTTP Server is installed, export the public signer certificate from the key database using the iKeyman graphical interface.
    Start the key management utility (iKeyman) using one of these methods:
    • Windows Click Start > Programs > IBM HTTP Server V8.5 > Start Key Management Utility.
    • LinuxUNIX From the command-line run <install_dir>/bin/ikeyman or change to the <install_dir>/bin directory and type ikeyman, where <install_dir> is the directory where the WebSphere Plugin is installed (such as /opt/IBM/WebSphere/Plugins). If you start IKEYMAN to create a new key database file, the utility stores the file in the directory where you start IKEYMAN.
  2. Click Key Database File from the main UI, then click Open.
  3. Specify the location of the CMS key database file plugin-key.kdb that is specified in the HTTP server plugin-cfg.xml file.

    By default the file is plugin-key.kdb.

    When using HTTP server V8.5, the following default locations apply:

    Windows C:\Program Files\IBM\WebSphere\Plugins_1\config\webserver1

    LinuxUNIX /opt/IBM/Websphere/Plugins/config/webserver1

  4. Provide the password for the key database and click OK. The default password is WebAS.
  5. From the Key database content drop down list, select Signer Certificates.
  6. Select the trusted root certificate used to sign the IBM HTTP server SSL certificate.
    Tip: If you are not sure which signer certificate is the trusted root certificate, select a certificate and click View / Edit. In the Key information dialog window, check if the Set the certificate as trusted root option is selected.
  7. Click Extract.
  8. In the Extract Certificate to a File dialog box, set the following fields:
    • Data type: Base64-encoded ASCII data.
    • Certificate file name: Accept the default of cert.arm or specify a different name.
    • Location: Type the drive and directory where you want to store the file or use Browse to select a drive and directory.
  9. Click OK to export the public signer certificate to the file name and directory specified above.
Parent topic: Configuring TLS/SSL communication between Dashboard Application Services Hub and an HTTP server used for load balancing multiple portal servers

Feedback