Configuring the authentication channel for SSL
You can secure communications by using the WebSphere® signer certificates to configure SSL between the authentication client and the authentication server.
To configure SSL between the authentication client and the authentication server, complete the following steps:
- Do one of the following:
  - If you are using the WebSphere instance installed by Tivoli® Integrated Portal, navigate to .
  - If you are using the WebSphere instance installed by Tivoli Change and Configuration Management Database (CCMDB) or IBM® SmartCloud Control Desk, navigate to .
- Export the WebSphere signer certificates to files (for example, export dummyclientsigner to signer1.cert and dummyserversigner to signer2.cert). If you are unsure about which certificates to export, you must export all of the signer certificates.
- Copy the .cert files to the TADDM server. Create a truststore and import the WebSphere signer certificates as follows:

    $COLLATION_HOME/external/jdk-Linux-i686/jre/bin/keytool \
      -genkey -alias truststore -keystore truststore.jks
    $COLLATION_HOME/external/jdk-Linux-i686/jre/bin/keytool \
      -import -trustcacerts -alias default -file signer1.cert -keystore truststore.jks
    $COLLATION_HOME/external/jdk-Linux-i686/jre/bin/keytool \
      -import -trustcacerts -alias dummyserversigner -file signer2.cert -keystore truststore.jks

- Include the truststore password and location in the $COLLATION_HOME/etc/collation.properties entries:
- Update the Tivoli Authentication Service URL in the ibmessclientauthncfg.properties file to use https and port 9443. Ensure that the WebSphere host name is correct, substituting it for localhost, and that the non-https entry is commented out.

    # This is the URL for the ESS Authentication Service
    #authnServiceURL=http://localhost:9080/TokenService/services/Trust
    authnServiceURL=https://localhost:9443/TokenService/services/Trust
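
The following shell function is an added example, not part of the product documentation. It audits ibmessclientauthncfg.properties after the last step: every active authnServiceURL entry must use https on port 9443, and a host name still set to localhost is flagged. The function name check_authn_url, the host name was.example.com and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; check_authn_url is a hypothetical helper, not part of TADDM.
# Returns 0 = OK, 1 = missing or insecure entry, 2 = host is still localhost.
check_authn_url() {
    file=$1
    status=0
    # Active (uncommented) entries only; Java properties accept '=' or ':'.
    active=$(sed -n 's/^[[:space:]]*authnServiceURL[[:space:]]*[=:][[:space:]]*//p' "$file")
    if [ -z "$active" ]; then
        echo "FAIL: no active authnServiceURL in $file" >&2
        return 1
    fi
    # Check every active entry: a leftover duplicate key could otherwise
    # leave the plain-http URL in effect.
    for url in $active; do
        case $url in
            https://*) ;;
            *) echo "FAIL: not https: $url" >&2; return 1 ;;
        esac
        authority=${url#https://}      # strip the scheme
        authority=${authority%%/*}     # keep host:port only
        case $authority in
            *:9443) ;;
            *) echo "FAIL: port is not 9443: $url" >&2; return 1 ;;
        esac
        case ${authority%:9443} in
            localhost|127.0.0.1)
                echo "WARN: host name not substituted: $url" >&2; status=2 ;;
        esac
    done
    return $status
}

# Constructed sample files, not taken from a real installation.
tmp=$(mktemp -d)
cat > "$tmp/good.properties" <<'EOF'
# This is the URL for the ESS Authentication Service
#authnServiceURL=http://localhost:9080/TokenService/services/Trust
authnServiceURL=https://was.example.com:9443/TokenService/services/Trust
EOF
cat > "$tmp/bad.properties" <<'EOF'
authnServiceURL=http://localhost:9080/TokenService/services/Trust
authnServiceURL=https://was.example.com:9443/TokenService/services/Trust
EOF
check_authn_url "$tmp/good.properties" && echo "good.properties: OK"
check_authn_url "$tmp/bad.properties" || echo "bad.properties: rejected"
rm -rf "$tmp"
```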