Configuring HTTPS

You must perform extra steps in order to configure OOBC to use HTTPS for communication with the Presentation Server.

About this task

To configure OOBC to use HTTPS for communication with the Presentation Server, complete the following steps.

Procedure

  1. Save the root CA certificate to the OOBC user's home directory.
    1. If you installed your own certificates for HTTPS, transfer the root CA certificate to the home directory of the user account that installed OOBC. If you are using the default Websphere-generated certificates, log on to the WebSphere Console of the Presentation Server that OOBC connects to using the Intelliden username and password and a URL such as:
      https://presentationHostname:16316/ibm/console
    2. Click Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
    3. Select the root certificate and click Extract.
    4. Enter a file name for the extracted certificate such as /home/netcool/itncm_presentation_rootca.crt, leave the Data type as Base64-encoded ASCII data, and click OK.
    5. Transfer the extracted certificate to the home directory of the user account that installed OOBC.
  2. Import the certificate into the OOBC JRE cacerts keystore, using a command similar to the following example:
    netcool$ cd /$JAVA_HOME/jre/
    
    netcool$ ./bin/keytool -import -trustcacerts -keystore lib/security/cacerts -storepass changeit -file ~/itncm_presentation_rootca.crt -alias itncm_presentation
    
    Owner: CN=g01m06.lab.local, OU=Root Certificate, OU=JazzSMNode01Cell, OU=JazzSMNode01, O=IBM, C=US
    Issuer: CN=g01m06.lab.local, OU=Root Certificate, OU=JazzSMNode01Cell, OU=JazzSMNode01, O=IBM, C=US
    Serial number: 656bda3723d0
    Valid from: 01/03/17 14:03 until: 26/02/32 14:03
    ...
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
  3. Edit the oobc.properties.xml file so that the <protocol> element contains iiops and the <port> element contains the Netcool Configuration Manager Presentation Server HTTPS port (16311 by default). The file should look similar to the following example.
        <intelliden-server>
            <host>itncm.ibm.com</host>
            <port>16311</port>
            <user>OOBCUser</user>
            <password>f62fb89d73347cb4fc8bdc9dedf5620e</password>
            <protocol>iiops</protocol>
            <initialContextFactory>com.ibm.websphere.naming.WsnInitialContextFactory</initialContextFactory>
        </intelliden-server>
  4. Restart OOBC.