Storing certificates for client applications

When you log in to client applications that access the services tier, such as the IBM® InfoSphere® DataStage® Designer client or Director client, you can store the certificate in the trusted store to prevent having to accept the certificate in subsequent logins.

Procedure

After you log into the client for the first time, you will be asked to accept the certificate.

Note: When using IBM WebSphere® Application Server Network Deployment, you should not necessarily accept the defaults. Be sure to select the parent certificate in Step 2.

  • For the IBM InfoSphere DataStage clients:
    1. Click View Certificate.

    2. Click the Certification Path tab, and then select the root certificate. When using IBM WebSphere Application Server Network Deployment, select the parent certificate.

    3. Click the General tab.
    4. Click Install Certificate, and then click Next.
      Note: You may be displayed with Welcome to the Certificate Import Wizard window with the choices, Current User or Local Machine. This is based on certain platforms that allow a choice of whether to install the certificate for the current user or for all users on the system (Local Machine) where the later one requires the system administrator access.
    5. Select Place all certificates in the following store.
    6. Click Browse, then select Trusted Root Certification Authorities. Click OK.
    7. Click Next, then click Finish to import the certificate.
    8. A security window may appear asking to confirm the installation. Click Yes to install the certificate.

Note: If the Install Certificate button is missing, try one or more of the following:
  • Add the services tier host name to the list of Trusted Sites. Tools > Internet Options > Security > Trusted Sites > Sites
    Add https://hostname.domain.com
  • For Microsoft Windows users: re-launch your web browser with "Run as Administrator..." to ensure you are running with full elevated permissions.
  • Use this alternate way to install certificates:
    1. Click on View Certificate then click the Details tab.
    2. Save the certificate to file by clicking Copy to File.
    3. Double-click the saved certificate file.
    4. Import the file into Trusted Root Certification.
  • For Microsoft Windows Server 2012: Enhanced Security Configuration on Microsoft Internet Explorer may be preventing certificate installation. Disable Enhanced Security Configuration to install.
    1. Click Server Manager then click Local Server.
    2. Switch off IE Enhanced Security Configuration in the computer properties.
    3. Try to install the certificate again.

  • For browser based clients:
    Accept the certificate according to the procedures of your browser.
  • For command line utilities:
    The utility will prompt automatically for you to validate and store the certificate as in the following example. (The ⇒ character indicates a line continuation.)
    # ./SessionAdmin.sh -user admin -password myPass -lus -url ⇒
    https://localhost:9446/
    The following certificate could not be verified: 
    
    Owner: CN=localhost, OU=localhostNode02Cell, OU=localhostNode03, ⇒
    O=IBM, C=US
    Issuer: CN=localhost, OU=Root Certificate, OU=localhostNode02Cell, ⇒
    OU=localhostNode03, O=IBM, C=US
    Serial number: 10E9ACBD921C 
    Valid from: Mar 25 2014
    Expired to: Mar 25 2015
    SHA1 fingerprint: 73:10:92:1A:12:AE:E5:0C:92:47:94:BF:A3:47:51:06:FF:⇒
    07:28:47 
    MD5 fingerprint: 91:E9:91:19:5B:15:FA:E6:63:B3:CF:C1:5C:0B:D1:B4
    Do you want to accept this certificate permanently (1), for this session ⇒
    only (2), or reject (3) it? (1/2/3):