Configuring the console for a secure connection

To ensure the secure transfer of information between IBM® Sterling Control Center Monitor and a console, use an HTTPS connection between the two locations. You can configure the console for a secure connection in either a high availability or a non-high availability environment.

  • Consult your system security administrator for any site-specific security requirements.
  • Create and configure the keystore and truststore files in IBM Sterling Control Center Monitor.
  • Obtain certificates. The console needs the private key and certificate for the console and the root certificate for the engine. Take one of the following actions:
    • Generate a CSR to obtain the certificate from a third-party certificate authority.
    • Create a self-signed certificate.
  • On the computers where the console is running, create and save keystore files in JKS format.
    Important: The passphrase for the certificate and the keystore must be the same.
  • On the computer where the engine is running, create and save truststore files that contain CA information in JKS format.
  • Configure the IBM Sterling Control Center Monitor engine for a secure connection.

In a high availability environment, every event processor's keystore certificate must be trusted by your other event processors in the cluster. In every event processor's truststore, you must include the certificate. You can use the same keystore and truststore files for every event processor in your high availability environment. You might receive a browser security warning when you access the web console on an event processor where the common name does not match the host name that you are connecting to.