Certificate-Based authentication is an authentication method that IBM® Sterling Control Center Director can use to authenticate itself to a Connect:Direct® server. Certificate-Based Authentication eliminates the need for IBM Sterling Control Center Director to store passwords for authentication to Connect:Direct.
Setting up Connect:Direct for Certificate-based Authentication
For a new certificate, import the certificate into Connect:Direct KeyStore:
Open spadmin window> Go to Keytore Configuration>Personal Certificates>Import the pem file.
- Go to Signer Certificates> Import CA certificate (ca.crt)
- The certificate presented by the IBM Sterling Control Center Director must be trusted by the Connect:Direct server and the one presented by Connect:Direct must be trusted by Control Center Director.
- Connect:Direct User Authorities must include a user whose username is the Common Name of IBM Sterling Control
Center Director's end-entity certificate.
The user must be assigned the permissions required to monitor Connect:Direct. Set
client.cert_authto Y in the Functional Authority Entry for that user.Note: The Connect:Direct user Authority controls user access to the Connect:Direct server and controls Connect:Direct commands and statements that users can execute.
- Enable Client Authentication in the Secure+ Client record.
For more information, see: