Establishing secure channels from browser to Data Server Manager
Before you can take advantage of DSM's support for SSL encryption, you must first configure your DSM server to accept digitally signed certificates from a CA.
Before you begin
Ensure that you have the
following items prior to configuring your DSM server for SSL certificates:
- a keystore file: example formats are *.p12 or *.jks
- the password of the key store file
To import a certificate signed by a certificate authority:
- Download a valid signed certificate to your server.
- Stop Data Server Manager:
- On Linux® and UNIX: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command stop.sh.
- On Windows: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command stop.bat.
- Update the <DSM_install_path>/ibm-datasrvrmgr/wlp/usr/servers/dsweb/SSLConfig.xml file
with the information for your key store. For example:
<keyStore id="
<defaultKeyStore>" location="/etc/
<myKeyStore>.p12"
password="
<YourEncryptedKeyStorePassword>" type="PKCS12"></keyStore>
Note: To encrypt your password of key store file:- Go to
<DSM_Install_Location>/wlp/bin
directory. - Run the following command:
If your password contains any special character, surround them with single quotation marks../securityUtility encode --encoding=xor <your_passowrd>
- Go to
- Start Data Server Manager:
- On Linux and UNIX: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command start.sh.
- On Windows: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command start.bat.
- Verify that you can log in to the DSM console using the secure
URL: https://<IP_address:port_number>/console/dswebcustomauth/pages/login.jsp Note: Ensure the domain name in your IP address is consistent with field "CN"(common name) in your certificate. For example: https://dsm.cn.ibm.com:port/console/dswebcustomauth/pages/login.jsp
You can verify the CN within your certificate by running the keytool utility.
To run the keytool utility:- Go to the folder <DSM_install_path>\ibm-datasrvrmgr\java\jre\bin on your DSM server.
- Run the command
keytool -list -keystore
<Path_of_Key_Store_File>-storepass password -v