Configuring SSL connections
You can enable Secure Sockets Layer (SSL) encryption of data exchanged over HTTP.
- Use the following Java keytool command to generate a key pair for the probe, along with a
keystore file and its associated password:
keytool -genkey -alias alias_id -keystore $OMNIHOME/java/conf/trusted_keystore.jks -storepass password
- When prompted, enter the following details:
  - First and Last Name: MTOSI probe at server_hostname
  - Organizational Unit: Netcool/OMNIbus Organization IBM
  - Organization: IBM
  - City: N/A
  - State: N/A
  - Country: US
  - Enter key password: To use the same password that you specified for the keystore password, press ENTER without entering any characters at this prompt.
- For each server where an instance of the probe is installed, generate an X.509 self-signed
certificate for the probe using the following command:
keytool -selfcert -alias alias_id -keystore $OMNIHOME/java/conf/trusted_keystore.jks -storepass password
- For each server where an instance of the probe is installed, generate and export a certificate
file for the probe (probe_cert_filename.cer) using the following command:
keytool -export -alias alias_id -keystore $OMNIHOME/java/conf/trusted_keystore.jks -storepass password -file probe_cert_filename.cer
  Use a unique alias_id value and probe_cert_filename value for each certificate file.
- Manually transfer each certificate file generated in step 4 to the MTOSI server.
- Import each certificate file generated in step 4 to the MTOSI server.
- Obtain and export the MTOSI system certificate file (mtosi_cert_filename.cer).
- For each server where an instance of the probe is installed, import the MTOSI system
certificate (mtosi_cert_filename.cer) using the following command:
keytool -import -alias alias_id -file mtosi_cert_filename.cer -keystore $OMNIHOME/java/conf/trusted_keystore.jks -storepass password
- Specify values for the following probe properties, using the same Java keystore file as both a
key store and a trusted certificates store, and using the same password for each file:
  - KeyStore: Specify the location of the trusted_keystore.jks file.
  - KeyStorePassword: Specify an unencrypted password for the trusted_keystore.jks file.
  - TrustStore: Specify the location of the trusted_keystore.jks file.
  - TrustedStorePassword: Specify the same unencrypted password you used for the KeyStorePassword property.
  Note: If the keystore file does not require a password, set the KeyStorePassword property to "".
- For SSL connections over an HTTP interface, the values that you specify for the HTTPServiceAlarmRetrievalURL and HTTPServiceAlarmUpdateURL properties must begin with https instead of the default http. For example: https://127.0.0.1:8081/nmsnbi/mtosi/AlarmRetrieval
- For SSL connections over the HTTPServiceNotificationConsumerIP, configure the ServerType with HTTPS.
The probe is now enabled to use SSL connections for exchanging data with the MTOSI server over HTTP.
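The property settings from the last three steps can be checked before the probe is started. The following script is an added example, not part of the IBM documentation. It assumes the properties file holds one `Name : "value"` entry per line; the function names `prop` and `check_ssl_props` are hypothetical and the sample values are constructed.

```shell
# Added example, not IBM code. Assumes one  Name : "value"  property per line.

# prop FILE NAME: print the value of property NAME (last occurrence wins).
prop() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next   # split at the first colon
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                 # drop surrounding quotes
            if (name == want) found = val
        }
        END { print found }' "$1"
}

# check_ssl_props FILE: report deviations; exit status is the number found.
check_ssl_props() {
    f=$1; bad=0
    note() { echo "$f: $1"; bad=$((bad + 1)); }
    ks=$(prop "$f" KeyStore)
    [ -n "$ks" ] || note "KeyStore is not set"
    [ "$ks" = "$(prop "$f" TrustStore)" ] || note "TrustStore differs from KeyStore"
    # Passwords are compared but never printed.
    [ "$(prop "$f" KeyStorePassword)" = "$(prop "$f" TrustedStorePassword)" ] ||
        note "keystore and truststore passwords differ"
    for p in HTTPServiceAlarmRetrievalURL HTTPServiceAlarmUpdateURL; do
        case $(prop "$f" "$p") in
            https://*) ;;
            *) note "$p does not begin with https" ;;
        esac
    done
    [ "$(prop "$f" ServerType)" = "HTTPS" ] || note "ServerType is not HTTPS"
    return "$bad"
}

# Constructed sample: the update URL still uses the default http scheme.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KeyStore : "$OMNIHOME/java/conf/trusted_keystore.jks"
TrustStore : "$OMNIHOME/java/conf/trusted_keystore.jks"
KeyStorePassword : "example-password"
TrustedStorePassword : "example-password"
HTTPServiceAlarmRetrievalURL : "https://127.0.0.1:8081/nmsnbi/mtosi/AlarmRetrieval"
HTTPServiceAlarmUpdateURL : "http://127.0.0.1:8081/nmsnbi/mtosi/AlarmUpdate"
ServerType : "HTTPS"
EOF
check_ssl_props "$sample" || echo "$? deviation(s) found"
rm -f "$sample"
```

The ServerType check applies only when notifications are received over SSL, as described in the final step.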