Generate new certificates and a Certificate Authority (CA)

If you want to secure the communication based on the Secure Sockets Layer (SSL) protocol, but you do not have a corporate Certificate Authority (CA), you can use Certman to create one and generate the required certificates.

  1. Browse to the following path: <image_location>/TWS/<interp_name>/Tivoli_LWA_<interp_name>\TWS\bin
  2. Generate the CA and certificates by running the following command:
    certman generate -keypasswd <pwd> -outpath <output path> [-capath <ca path>] [-wauser <user>] [-wagroup <group>]

    Where:

    keypasswd
    Specify the password to encrypt the private key.
    outpath
    Specify the folder where the certificates are generated.
    capath
    Leave empty to generate a ca.crt and ca.key.
    wauser
    Optionally, specify the <TWS_user> that must be set as owner of the output files.
    wagroup
    Optionally, specify the <TWS_user> that must be set as group of the output files.
    Note: To specify an owner and group in wauser and wagroup parameters, the user who launches Certman must have the permissions to change the owner and group on output files.
The following output files are the CA and certificates you can find in the specified output folder:
  • ca.crt
    The file that contains the root CA.
  • ca.key
    The private key of the CA.
  • tls.crt
    The certificate signed and validated by the CA.
  • tls.key
    The private key of the tls certificate.
  • tls.sth
    The stash file of the tls certificate that contains the password encoded in Base64 format.
Note: It is strongly suggested that you save the ca.key so that, if needed in the future, you can generate or replace only the certificates.

After generating the CA, add it to the OS and browser so that they trust the new CA.
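
The output files listed above can be checked after generation with a small audit script. This is an added example, not part of Certman or the product; the function names and the owner-only permission policy are assumptions. It treats tls.sth like a private key, because Base64 is an encoding and not encryption.

```shell
#!/bin/sh
# Added example: audit a Certman output folder on a UNIX host.
# Assumption: the folder holds the five files listed in this topic.

# Succeeds if the file has any group or other permission bit set.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Prints one finding per line; returns 0 if the folder is clean, 1 otherwise.
audit_certman_output() (
    dir=$1
    findings=0
    # All five output files should be present after "certman generate".
    for f in ca.crt ca.key tls.crt tls.key tls.sth; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1))
        fi
    done
    # tls.sth holds the key password in Base64 only, so anyone who can read
    # it together with tls.key has the private key. Same rule as the keys.
    for f in ca.key tls.key tls.sth; do
        if [ -f "$dir/$f" ] && is_exposed "$dir/$f"; then
            echo "EXPOSED  $f (readable/writable beyond owner)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Run as: sh audit_certman.sh <output path>
if [ "$#" -gt 0 ]; then
    audit_certman_output "$1"
fi
```

Restricting ca.key, tls.key and tls.sth to the owner (for example, mode 600) clears the EXPOSED findings; ca.crt and tls.crt are public and are not checked for permissions.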