IBM Tivoli Netcool/OMNIbus, Version 7.4

Creating a request for the certificate

As the first step of replacing the default SSL certificate, create a request for the certificate from the Certification Authority (CA) so that it can be sent to the CA.

Procedure

  1. In the navigation pane of the Tivoli Integrated Portal, click Settings > WebSphere Administrative Console, and click Launch WebSphere administrative console.
  2. Click Security > SSL certificate and key management.
  3. On the "SSL certificate and key management" page, click Key stores and certificates, then click NodeDefaultKeyStore.
  4. On the "NodeDefaultKeyStore" page, click Personal certificate requests and on the page that appears, click New.
  5. In File for certificate request enter the path name for the file to hold the certificate request. Use the following form:

    tip_home_dir/profiles/TIPProfile/config/cells/TIPCell/nodes/request_file_name.p12

    Replace request_file_name with a suitable name for the request. For example: ca-cert-request.

  6. Complete the fields in the "Certificate information" panel as follows:
    Key label
    Enter an alias name for the certificate request in the key store. Ensure it is unique among any other entries in the key store.
    Common name
    Enter the name of the entity that the certificate represents. For example the fully-qualified domain name where the Web GUI resides. For example: webgui.server.mycompany.com.
    Organization
    Enter the name of you organization to identify the organization part of the distinguished name. For example: My Company.
    Organizational unit
    Enter the name of the unit within the organization to identify the organizational unit part of the distinguished name. For example: Operations.
    Locality
    Enter the location of the organizational unit to identify the locality part of the distinguished name. For example: Armonk.
    State or province
    Enter the state or province of the locality to identify the state part of the distinguished name. For example: NY.
    Zip code
    Enter the zip or postal code of the locality to identify the zip code part of the distinguished name For example: 10504.
    Country
    Select the code for your country from the drop-down list to identify the country part of the distinguished name. For example: US.
  7. Click Apply.
  8. On the "SSL certificate and key management" page, click Back.
  9. Set the check box for the entry containing the new key label and click Extract.
  10. On the "Extract certificate request" page enter the path of the file to hold the certificate request that you can send to the CA. Use the following form:

    tip_home_dir/profiles/TIPProfile/config/cells/TIPCell/nodes/ca_request_file_name.p12

    Replace ca_request_file_name with a suitable name for the request. For example: cert-request-to-send-to-CA.

  11. Click OK.

Results

The system creates the file containing the request to send to the CA.
Parent topic: Replacing the default SSL certificate with a certificate signed by a Certificate Authority
Next topic: Obtaining the certificate from the Certification Authority