Update runtime environment to use HTTPS

Update your runtime environment to use HTTPS or to use an HTTPS port other than the default.

Before you begin

Important: With APAR OA64188, HTTPS is the default communication protocol for new runtime environments. For existing runtime environments, if you do not make the necessary manual configuration updates after applying the APAR, HTTPS will be the default protocol using the default HTTPS port number 3661. You must make the updates before running the Configuration Manager GENERATE action or the PARMGEN $PARSE job.

About this task

Perform this task to specify HTTPS as the communication protocol to use between the Tivoli Enterprise Monitoring Server (TEMS) and other components, such as the SOAP server, the IBM Tivoli Monitoring Service Console, the tacmd CLI, and TEMS REST services.

You will use the following parameters when configuring your runtime environment to use HTTPS:
For the TEMS:
For the agents (if applicable):

Procedure

  1. Add (or update) the parameters, as follows:
    • Using Configuration Manager:
      For the TEMS:
      Add the following parameter to RTEDEF(rte_name):
      RTE_TEMS_TRANSPORT_MODE    "HTTPS"
      Add the following parameter to RTEDEF(KDS$PARM), RTEDEF(KDS$lpar), or both:
      KDS_TEMS_HTTPS_PORT_NUM    https_port_num
      Note: If the RTE_TEMS_TRANSPORT_MODE and KDS_TEMS_HTTPS_PORT_NUM parameters are not specified, and your runtime environment is refreshed, the default values will be used (that is, the HTTPS protocol and HTTPS port number 3661).
      For the agents (if you want your agents to use HTTPS):
      Add the following parameter to RTEDEF(Kpp$PARM), and specify a value that is different from the port number that is used for the TEMS:
      Kpp_X_KDE_TRANSPORT_HTTP_OPTIONS    "HTTPS:https_port_num USE:Y"
    • Using PARMGEN:
      For the TEMS:
      Add the following parameters to WCONFIG(rte_name):
      RTE_TEMS_TRANSPORT_MODE    "HTTPS"
      KDS_TEMS_HTTPS_PORT_NUM    https_port_num
      Note: If the RTE_TEMS_TRANSPORT_MODE and KDS_TEMS_HTTPS_PORT_NUM parameters are not specified, and your runtime environment is refreshed, the default values will be used (that is, the HTTPS protocol and HTTPS port number 3661).
      For the agents (if you want your agents to use HTTPS):
      Add the following parameter to WCONFIG(rte_name), and specify a value that is different from the port number that is used for the TEMS:
      Kpp_X_KDE_TRANSPORT_HTTP_OPTIONS    "HTTPS:https_port_num USE:Y"
  2. Refresh your runtime environment, as follows:
  3. Start your OMEGAMON started tasks. You should see the following messages in the log:
    For the TEMS:
    KDE_TRANSPORT=KDC_FAMILIES="HTTP:0 HTTPS:https_port_num USE:Y <...> "
    
    listening: ip.ssl.https:26089
    listening: ip.ssl.https:3661
    For the agent:
    • With parameter Kpp_X_KDE_TRANSPORT_HTTP_OPTIONS specified:
      KDE_TRANSPORT=KDC_FAMILIES="HTTP:0 USE:Y HTTPS:agent_https_port_num USE:Y <...> "
      
      listening: ip.ssl.https:26055
    • Without parameter Kpp_X_KDE_TRANSPORT_HTTP_OPTIONS specified:
      KDE_TRANSPORT=KDC_FAMILIES="HTTP:0 USE:Y <...> "
  4. Test your HTTPS connection using the following methods:
    • If you have tacmd configured, issue the following tacmd command using your TEMS IP or DNS and the HTTPS port number. For example:
      C:\Users\userID>tacmd login -s ip:https_port_num 
       Username? tso_user_id 
       Password? 
      
      Validating user... 
      KUIC00007I: User tso_user_id logged into server on https://ip:https_port_num
      Note: To test your connection using tacmd, secure communications must be enabled on the Tivoli Monitoring distributed system where the tacmd CLI component is installed. For more information, see Securing communications.
    • Access the Service Console using https://ip:https_port_num. If the connection is successful, then the Service Console items will be displayed.
    • Attempt to access the Service Console using http://. This attempt should fail.
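The log check in step 3 can be scripted. The following Python sketch is an added example, not IBM-supplied code: it parses the KDE_TRANSPORT=KDC_FAMILIES line and the ip.ssl.https listener lines shown above and reports anything that differs from the expected state. The function name, the sample logs, and the assumption that the configured HTTPS port appears as a listener (as port 3661 does in the TEMS sample) are illustrative.

```python
import re

# Patterns taken from the message formats shown in step 3.
FAMILIES_RE = re.compile(r'KDE_TRANSPORT=KDC_FAMILIES="([^"]*)"')
PROTO_RE = re.compile(r'\b(HTTPS?):(\d+)\b')
LISTEN_RE = re.compile(r'listening:\s+ip\.ssl\.https:(\d+)')

def check_https_log(log_text, expected_port):
    """Return a list of findings; an empty list means the log matches step 3."""
    match = FAMILIES_RE.search(log_text)
    if not match:
        return ["no KDE_TRANSPORT=KDC_FAMILIES line found"]
    # Map each protocol token in KDC_FAMILIES to its port, e.g. {"HTTP": 0, "HTTPS": 3661}.
    ports = {proto: int(port) for proto, port in PROTO_RE.findall(match.group(1))}
    listeners = {int(p) for p in LISTEN_RE.findall(log_text)}
    findings = []
    if ports.get("HTTP") != 0:
        findings.append(f"HTTP is not set to port 0 (found {ports.get('HTTP')})")
    if "HTTPS" not in ports:
        findings.append("no HTTPS entry in KDC_FAMILIES")
    elif ports["HTTPS"] != expected_port:
        findings.append(f"HTTPS port is {ports['HTTPS']}, expected {expected_port}")
    # Assumption: the configured HTTPS port shows up as an ip.ssl.https listener.
    if expected_port not in listeners:
        findings.append(f"no ip.ssl.https listener on port {expected_port}")
    return findings

# Constructed sample logs, modelled on step 3 with the default port 3661 filled in.
TEMS_LOG = '''KDE_TRANSPORT=KDC_FAMILIES="HTTP:0 HTTPS:3661 USE:Y <...> "

listening: ip.ssl.https:26089
listening: ip.ssl.https:3661
'''
# Agent started without Kpp_X_KDE_TRANSPORT_HTTP_OPTIONS: no HTTPS entry, no listener.
AGENT_LOG_NO_HTTPS = 'KDE_TRANSPORT=KDC_FAMILIES="HTTP:0 USE:Y <...> "\n'

if __name__ == "__main__":
    for name, log, port in (("TEMS", TEMS_LOG, 3661),
                            ("agent", AGENT_LOG_NO_HTTPS, 26055)):
        print(name, check_https_log(log, port) or "OK")
```

Run it against the started task log after each refresh; a non-empty result for the TEMS means the runtime environment did not come up with the HTTPS settings you configured.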