About this task
By default, the endpoint ports from all services are available in the domain on HTTP
protocol and access control is not enforced. You can enable the Hypertext transfer
protocol secure (HTTPS) as a default connection protocol by following the steps in the Procedure
section.
Procedure
- Open browser and type
https://<FQDN_of_zUnderstand_container>/ad/admin and go to
. The
Security settings page is displayed.
- Select a protocol type.
Note: If you select HTTPS as a connection protocol, both TLS
1.2 and TLS 1.3 are supported.
- If you do not have custom certificates, then you can select the
Self signed certificate files. This option displays the default certificate
that is used in WebSphere Liberty profile service and Authentication Server (DEX) and
configures all other IBM ADDI services to use the same certificate.
- If the certificate is expired or a new Fully Qualified Domain Name (FQDN) has been defined on
the machine, then you can regenerate the certificate by checking the Generate new self
signed certificate files option.
- Once the option is selected, a new field is displayed to enter the new keystore password
reveal.
- Click Save.
- Click OK when a confirmation dialog is displayed. The
saving process takes several minutes.
Note: If you encounter a Page not found message while reloading the browser, this means
that the service is still restarting. You can try reloading the page after a minute and then you can
repeat the process as required.
Once the process is complete, an alert dialog appears
prompting you to restart the browser. This happens because the browser does not yet recognize or
trust the newly installed certificate, resulting in an untrusted certificate
warning that blocks the access to all the pages within the IBM Z Understand Configuration Service
Admin.