Authenticating IBM Sterling Control Center Monitor to IBM Sterling Connect:Direct with a Certificate

Certificate authentication refers to the way to authenticate IBM® Sterling Control Center Monitor to a Sterling Connect:Direct® server with an IBM Sterling Control Center Monitor SSL certificate. With certificate authentication, you do not need to update the Sterling Connect:Direct node settings in IBM Sterling Control Center Monitor when the Sterling Connect:Direct passwords are changed.

When certificate authentication is enabled, IBM Sterling Control Center Monitor sends your user information to the Sterling Connect:Direct server through a secure connection. To configure IBM Sterling Control Center Monitor to monitor a Sterling Connect:Direct server with certificate authentication, see Adding a server.

You are also authorized to manage the Sterling Connect:Direct server with IBM Sterling Control Center Monitor depending on your authority with IBM Sterling Control Center Monitor. When you are creating the IBM Sterling Control Center Monitor certificate, the value in the Common Name field needs to also be a Sterling Connect:Direct User Authority that is going to be used to log in to the Sterling Connect:Direct server. The Sterling Connect:Direct user Authority controls user access to the Sterling Connect:Direct server and controls the Sterling Connect:Direct commands and statements users can use.

The following three conditions must be satisfied for a client connection to be authenticaed when the Sterling Connect:Direct server completes certificate authentication:

The certificate that is presented by the client must be trusted by the Sterling Connect:Direct server.
The Common Name of the certificate that is presented by the client must match a Sterling Connect:Direct Functional Authority entry with sufficient permission to monitor the product.
The Sterling Connect:Direct Functional Authority entry must have Certificate Authentication Client Access set to Yes.