Migrating from a self-signed certificate to a single signed chain certificate

Before you begin:

  • Make sure that a Java™ Runtime Environment is installed on your machine, and the JAVA_HOME variable is defined in the environment variables. For more information, see the Java requirements section.
  • Make sure that you have obtained a signed certificate from a certificate authority (CA), and that you have its root certificate and the private key of the certificate signing request.

Preparing files for enabling secure communication

To use a single signed chain certificate across all IBM ADDI servers and services, you must ensure that the following files are prepared:
  • A keystore that contains the signed certificate and its root certificate.
  • The private key of the signed certificate.
  • The certificates in the certificate chain of the signed certificate.

For more information about preparing the files, see Prepare files for enabling secure communication.

Configuring IBM ADDI by using the prepared keystore

To configure IBM ADDI by using the prepared keystore, follow these steps:
  1. Enable Hypertext Transfer Protocol Secure (HTTPS) for IBM ADDI File Service, IBM ADDI Search Service, IBM ADDI Mainframe Projects Service, IBM ADDI Cross Applications Service, IBM ADDI Manual Resolutions Service, IBM® ADDI WebSphere® Liberty Profile Service, and Authentication Server (DEX).
  2. Configure IBM ADDI Batch Server and Graph Database Server by following the steps at STEP 9. Configuring IBM ADDI Batch Server.
  3. If IBM ADDI Build Client is not installed with other components, enable the encryption channel between IBM ADDI Build Client and IBM AD Zookeeper by following the steps at Activate IBM AD Build Client to use certificates when it is installed on a separate machine.
  4. Enable the encryption channel between IBM ADDI Analyze Client and IBM AD Zookeeper by following the steps at Enabling encryption channel between IBM ADDI Analyze Client and IBM ADDI ZooKeeper.