Authenticating IBM Sterling Control Center Monitor to Sterling Connect:Direct with a Common Name

To authenticate IBM® Sterling Control Center Monitor to Sterling Connect:Direct® with a common name, the value in the Common Name field of the certificate must be a Sterling Connect:Direct User Authority that is used to log in to the Sterling Connect:Direct server.

Before you begin

To enable certificate authentication, enable client authentication on the Sterling Connect:Direct node with one of the following tasks:

  1. Go to Control Center Director Web Console, click Configuration. From the left navigation pane, under Secure+, click Nodes.
  2. From the list of servers, select the appropriate server to update the .Client record.
  3. Enable client authentication for the .Client record of the Sterling Connect:Direct Secure Plus node through Advanced > Client Authentication.
  4. On the Sterling Connect:Direct server, enable client authentication in the .Client record with the Secure+ admin tool.

About this task

Important:
  • Only Sterling Connect:Direct for Microsoft Windows 4.7.0.4, Sterling Connect:Direct for UNIX 4.2.0.4, and later versions support certificate authentication.
  • Certificate authentication requires a secure connection between IBM Sterling Control Center Monitor and the Sterling Connect:Direct server with an SSL, TLS, TLS1.1, or TLS1.2 connection.
  • Depending on the server that IBM Sterling Control Center Monitor is monitoring, functionality in IBM Sterling Control Center Monitor with that server might be limited. See the Release notes for the functionality that is available with your server.

To authenticate IBM Sterling Control Center Monitor to Sterling Connect:Direct with a common name:

Procedure

  1. Create an IBM Sterling Control Center Monitor certificate that includes a Common Name.
  2. On the Sterling Connect:Direct server that you want to authenticate to, add a Sterling Connect:Direct User Authority that is used to check permissions when certificate authentication is complete.
    This User Authority name must match the Common Name on the IBM Sterling Control Center Monitor certificate that you created in step 1. This User Authority must also have Certificate Authentication Client Access set to Yes.
  3. Save the IBM Sterling Control Center Monitor certificate to the IBM Sterling Control Center Monitor keystore.
  4. Import the trusted certificate authority (CA) root of the IBM Sterling Control Center Monitor certificate to the truststore of the Sterling Connect:Direct server.
  5. In the Server Properties window of IBM Sterling Control Center Monitor, enable certificate authentication by completing the following steps:
    1. From the Connection list, select SSL, TLS, TLS1.1, or TLS1.2.
    2. Leave the User ID field empty or enter any value.
      The user ID is used only in the Sterling Connect:Direct sign on (SGON) record for sign-on auditing; for example, User login successful for User_ID@CN. It does not have to be a Sterling Connect:Direct User Authority or a real Operating System User ID. If the User ID field is left empty, the SGON record shows the host name of the EP; for example, User login successful for EP-Host-Name@CN.
    3. Leave the Password field empty; otherwise, certificate authentication is not enabled.
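
The match that step 2 requires between the User Authority name and the certificate's Common Name can be checked before the certificate is deployed. The following Python example is added here and is not IBM code: it parses the subject line printed by `openssl x509 -noout -subject -nameopt RFC2253` and compares the CN with the User Authority name. The function names and the sample subject are constructed for illustration, and the comparison is assumed to be exact and case-sensitive because the procedure says only that the names must match.

```python
import re

def split_unescaped(s, sep):
    """Split on sep, keeping backslash-escaped pairs such as '\\,' intact."""
    parts = [""]
    for tok in re.findall(r"\\.|[^\\]|\\$", s, re.S):
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def unescape(value):
    """Undo RFC 4514 escaping: '\\XX' is one UTF-8 byte, '\\c' is literal c."""
    out = bytearray()
    for tok in re.findall(r"\\[0-9A-Fa-f]{2}|\\.|[^\\]", value, re.S):
        if len(tok) == 3:                  # hex escape, e.g. \2C for a comma
            out.append(int(tok[1:], 16))
        else:                              # plain character or escaped one
            out += tok[-1].encode()
    return out.decode("utf-8")

def common_names(subject):
    """Return every CN value found in an RFC 2253-style subject string."""
    dn = subject.strip()
    if dn.startswith("subject="):
        dn = dn[len("subject="):]
    cns = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            attr, _, value = ava.partition("=")
            if attr.strip().upper() == "CN":
                cns.append(unescape(value))
    return cns

def check_cn(subject, user_authority):
    """Assumption: 'must match' means exact, case-sensitive equality."""
    cns = common_names(subject)
    if len(cns) != 1:
        return False, f"expected exactly one CN, found {len(cns)}"
    if cns[0] == user_authority:
        return True, "CN matches User Authority"
    if cns[0].strip().casefold() == user_authority.strip().casefold():
        return False, "CN differs only in case or whitespace"
    return False, f"CN {cns[0]!r} != User Authority {user_authority!r}"

# Constructed sample subject, not taken from a real certificate.
SAMPLE = r"subject=CN=ccmonitor,OU=Ops,O=Example\, Inc.,C=US"
if __name__ == "__main__":
    print(check_cn(SAMPLE, "ccmonitor"))
```

A near miss such as a case-only difference is reported separately, so a mismatch can be corrected before certificate authentication is attempted against the server.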