About this task
By default, the endpoint ports of all services are available in the domain over
HTTP, and access control is not enforced. You
can enable Hypertext Transfer Protocol Secure (HTTPS) as the default
connection protocol by following the steps in the Procedure section. Access control can be enabled
through Configuring Authentication Server (DEX).
Procedure
- Access , and go to
. The Security
settings page is displayed.
- Select a protocol type. Starting with IBM® AD 6.1.3, if you select HTTPS as a connection protocol, both TLS
1.2 and TLS 1.3 are supported.
Important: This step requires certificates. To secure the
communication, make sure that you have a signed certificate issued by a certificate authority
(.crt), a nonencrypted private key for the certificate
(.key), and a keystore file that has one of the
following extensions: .jks, .keystore, .pfx, .p12, or .ks.
Restriction: There is a limitation in supporting TLS 1.3. When Java™
Semeru 8 is used, a connection to Db2® for LUW cannot be established.
- Select one of the options to secure the communications between servers and
services.
- If you have prepared certificate files, you can select Custom certificate
files. This option is recommended for production environments.
- Drag and drop the three required files or click to browse.
- After all files are successfully uploaded, enter the Keystore
Password.
- Click Save.
- Select the Self signed certificate files. This option shows the
default certificate that is used in WebSphere Liberty profile service and Authentication Server (DEX) and configures all other IBM AD services to use the same certificate.
- If the certificate is expired or a new Fully Qualified Domain Name (FQDN) has been defined on
the machine, you can regenerate the certificate by checking the Generate new self signed
certificate files option.
- After the option is selected, a new field is displayed where you enter the new keystore
password.
- Click Save.
- Click OK when a confirmation dialog is displayed. The
saving process takes several minutes.
Note: If you encounter a Page not found message while reloading the browser, the
service is still restarting. Reload the page after a minute, and
repeat as required.
After the process is completed, an alert dialog might be
displayed to indicate that the browser might need to be restarted. This happens because the browser does
not know about or trust the new certificate and shows an untrusted certificate page that blocks
access to all pages within the IBM Application Discovery Configuration Service
Admin.
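The following pre-upload check for the Custom certificate files option is an added example, not IBM AD code. It verifies that the file set contains one .crt, one .key, and one keystore with an accepted extension, and that the private key is not encrypted. The function names are hypothetical, and the check assumes the .key file is PEM-encoded.

```python
from pathlib import Path

# Keystore extensions accepted by the Security settings page (from the procedure).
KEYSTORE_EXTS = {".jks", ".keystore", ".pfx", ".p12", ".ks"}

def key_is_encrypted(data: bytes):
    """Return True/False for a PEM private key, None if the data is not PEM."""
    text = data.decode("ascii", errors="ignore")
    if "-----BEGIN" not in text or "PRIVATE KEY-----" not in text:
        return None
    # PKCS#8 encrypted keys have their own label; traditional encrypted keys
    # keep the plain label and add a Proc-Type header.
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in text
            or "Proc-Type: 4,ENCRYPTED" in text)

def check_upload_set(files: dict) -> list:
    """files maps file name -> content bytes; returns a list of problems."""
    def ext(name):
        return Path(name).suffix.lower()
    certs = [n for n in files if ext(n) == ".crt"]
    keys = [n for n in files if ext(n) == ".key"]
    stores = [n for n in files if ext(n) in KEYSTORE_EXTS]
    problems = []
    for label, found in (("certificate (.crt)", certs),
                         ("private key (.key)", keys), ("keystore", stores)):
        if len(found) != 1:
            problems.append(f"expected exactly one {label}, found {len(found)}")
    for name in sorted(set(files) - set(certs) - set(keys) - set(stores)):
        problems.append(f"{name}: extension not accepted")
    for name in keys:
        state = key_is_encrypted(files[name])
        if state is None:
            problems.append(f"{name}: not PEM, cannot tell whether it is encrypted")
        elif state:
            problems.append(f"{name}: private key is encrypted")
    return problems

# Constructed sample input: PEM framing only, bodies are placeholders, not real keys.
PLAIN_KEY = b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
ENC_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           b"DEK-Info: AES-256-CBC,00\n\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
CERT = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    good = {"server.crt": CERT, "server.key": PLAIN_KEY, "server.p12": b"\x30\x82"}
    bad = {"server.crt": CERT, "server.key": ENC_KEY, "server.pem": b""}
    print(check_upload_set(good))
    print(check_upload_set(bad))
```

The check reads only file names and PEM headers. It does not confirm that the key belongs to the certificate or that the keystore password is correct.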
What to do next
You can set up a secure communication for: