Validating server certificates

When Tivoli Netcool/OMNIbus is set up for SSL communication, the ObjectServer and process agent present their server certificates to the Netcool/OMNIbus Administrator client, on request, to establish a connection.

About this task

If a mismatch is detected between the common name defined in the server certificate and the server name that the Netcool/OMNIbus Administrator client uses to identify and connect to the server, a Certificate Validation window opens so that you can choose whether to accept or reject the server certificate. Connections will not be established if the certificate is invalid.

The Certificate Validation window provides a reason for the validation request and presents a number of options. Complete the window as follows:

Procedure

  1. Select one of the options to accept or reject the certificate:
    • Accept this certificate permanently: Select this option to permanently accept this certificate as valid. You will no longer be prompted to accept this certificate during the current or subsequent Netcool/OMNIbus Administrator sessions.
      Important: Before you accept the certificate, click Examine Certificate to review the contents of the certificate within the Certificate Details window. After careful examination, click OK to return to the Certificate Validation window.
    • Accept this certificate temporarily for this session: Select this option to accept the certificate for the current session only, after examining the certificate by using the Examine Certificate button. No more validation prompts will be generated for the duration of the session.
    • Do not accept this certificate: Select this option to reject the certificate and cancel the connection between the server and client.
  2. Click OK to continue with the connection process. Click Cancel (or the Close button in the title bar) to reject the certificate irrespective of the option that you selected in step 1.

Results

If you chose to accept the certificate permanently, the common name and public key from the certificate are recorded in the following file:

userdir/.netcool/nco_config_settings/user_allowed_certs.properties

In this file path, userdir represents your home directory.

The user_allowed_certs.properties file is a system file and is not intended for modification by users. On subsequent connection attempts, this file is read and used to identify any common names that were previously accepted.

You can clear the contents of the properties file by specifying the following command-line argument:

mode.clear.certs "true"
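Because a permanent acceptance persists in each user's user_allowed_certs.properties file, an administrator may want to inventory which accounts hold such exceptions and detect later changes. The following script is an added example, not part of the product or of the original page. It assumes home directories sit directly under one base directory, that the file follows Java .properties comment syntax, and that sha256sum is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory permanently accepted certificate exceptions.
# Assumptions (not from the product documentation):
#   - home directories live directly under the base directory ($1)
#   - the file uses Java .properties syntax, so blank lines and lines
#     starting with '#' or '!' are not entries
#   - sha256sum (GNU coreutils) is installed

# Path from the documentation, relative to each user's home directory.
CERT_FILE_REL=".netcool/nco_config_settings/user_allowed_certs.properties"

# count_entries FILE
# Prints the number of non-blank, non-comment lines. The entry format is
# not interpreted; the file is a system file and is only read here.
count_entries() {
    awk '/^[ \t]*$/    { next }
         /^[ \t]*[#!]/ { next }
                       { n++ }
         END           { print n + 0 }' "$1"
}

# audit_allowed_certs BASE
# Prints one line per user that has at least one recorded entry:
#   <user> <entry count> <sha256 of file>
# Save the output as a baseline and diff later runs against it to see
# new permanent acceptances.
audit_allowed_certs() {
    base=$1
    for home in "$base"/*/; do
        f="${home}${CERT_FILE_REL}"
        [ -f "$f" ] || continue
        n=$(count_entries "$f")
        [ "$n" -gt 0 ] || continue
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s %s %s\n' "$(basename "$home")" "$n" "$sum"
    done
}

# Run the audit only when a base directory is given, e.g.: sh audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_allowed_certs "$1"
fi
```

Any account listed in the output has bypassed the name-mismatch prompt for at least one server, so each entry is worth confirming with the user who accepted it.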