Configuring HTTPS
You must perform extra steps in order to configure OOBC to use HTTPS for communication with the Presentation Server.
About this task
To configure OOBC to use HTTPS for communication with the Presentation Server, complete the following steps.
Procedure
-
Save the root CA certificate to the OOBC user's home directory.
-
If you installed your own certificates for HTTPS, transfer the root CA certificate to the home
directory of the user account that installed OOBC. If you are using the default Websphere-generated
certificates, log on to the WebSphere Console of the Presentation Server that OOBC connects to using
the Intelliden username and password and a URL such as:
https://presentationHostname:16316/ibm/console
- Click Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
- Select the root certificate and click Extract.
-
Enter a file name for the extracted certificate such as
/home/netcool/itncm_presentation_rootca.crt, leave the Data type as
Base64-encoded ASCII data
, and click OK. - Transfer the extracted certificate to the home directory of the user account that installed OOBC.
-
If you installed your own certificates for HTTPS, transfer the root CA certificate to the home
directory of the user account that installed OOBC. If you are using the default Websphere-generated
certificates, log on to the WebSphere Console of the Presentation Server that OOBC connects to using
the Intelliden username and password and a URL such as:
-
Import the certificate into the OOBC JRE cacerts keystore, using a command similar to the
following example:
netcool$ cd /$JAVA_HOME/jre/ netcool$ ./bin/keytool -import -trustcacerts -keystore lib/security/cacerts -storepass changeit -file ~/itncm_presentation_rootca.crt -alias itncm_presentation Owner: CN=g01m06.lab.local, OU=Root Certificate, OU=JazzSMNode01Cell, OU=JazzSMNode01, O=IBM, C=US Issuer: CN=g01m06.lab.local, OU=Root Certificate, OU=JazzSMNode01Cell, OU=JazzSMNode01, O=IBM, C=US Serial number: 656bda3723d0 Valid from: 01/03/17 14:03 until: 26/02/32 14:03 ... Trust this certificate? [no]: yes Certificate was added to keystore
-
Edit the oobc.properties.xml file so that the
<protocol>
element containsiiops
and the <port> element contains the Netcool Configuration Manager Presentation Server HTTPS port (16311 by default). The file should look similar to the following example.<intelliden-server> <host>itncm.ibm.com</host> <port>16311</port> <user>OOBCUser</user> <password>f62fb89d73347cb4fc8bdc9dedf5620e</password> <protocol>iiops</protocol> <initialContextFactory>com.ibm.websphere.naming.WsnInitialContextFactory</initialContextFactory> </intelliden-server>
- Restart OOBC.