Establishing secure channels from browser to Data Server Manager

Before you can take advantage of DSM's support for SSL encryption, you must first configure your DSM server to accept digitally signed certificates from a CA.

Before you begin

Ensure that you have the following items prior to configuring your DSM server for SSL certificates:
  • a keystore file: example formats are *.p12 or *.jks
  • the password of the key store file
To import a certificate signed by a certificate authority:
  1. Download a valid signed certificate to your server.
  2. Stop Data Server Manager:
    • On Linux® and UNIX: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command stop.sh.
    • On Windows: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command stop.bat.
  3. Update the <DSM_install_path>/ibm-datasrvrmgr/wlp/usr/servers/dsweb/SSLConfig.xml file with the information for your key store.
    For example: <keyStore id="<defaultKeyStore>" location="/etc/<myKeyStore>.p12" password="<YourEncryptedKeyStorePassword>" type="PKCS12"></keyStore>
    Note: To encrypt your password of key store file:
    1. Go to <DSM_Install_Location>/wlp/bin directory.
    2. Run the following command:
      ./securityUtility encode --encoding=xor <your_passowrd>
      If your password contains any special character, surround them with single quotation marks.
  4. Start Data Server Manager:
    • On Linux and UNIX: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command start.sh.
    • On Windows: From <DSM_install_path>/ibm-datasrvrmgr/bin, run command start.bat.
  5. Verify that you can log in to the DSM console using the secure URL: https://<IP_address:port_number>/console/dswebcustomauth/pages/login.jsp
    Note: Ensure the domain name in your IP address is consistent with field "CN"(common name) in your certificate. For example: https://dsm.cn.ibm.com:port/console/dswebcustomauth/pages/login.jsp

    You can verify the CN within your certificate by running the keytool utility.

    To run the keytool utility:
    1. Go to the folder <DSM_install_path>\ibm-datasrvrmgr\java\jre\bin on your DSM server.
    2. Run the command keytool -list -keystore <Path_of_Key_Store_File> -storepass password -v