IBM Support

Creating a Self-Signed certificate for host name alias.

Troubleshooting


Problem

I have a hostname alias setup in the DNS (Domain Name Server) for IBM Content Collector server. But when I try to view the archived emails the browser does not recognize the URL and prompts to accept the certificate.

Symptom

Every user needs to accept the certificate and install it on their system.

Cause

The issue is caused by not having host name and alias name on the Self-Signed certificate and the corresponding certificate request is not signed.

Environment

IBM Content Collector for Email

Diagnosing The Problem

When you use the actual host name instead of alias name for the preview URL, you will not be prompted for any certificate to accept.

Resolving The Problem

  2. In a command prompt, go to the <ICCinstallDir>\AfuWeb\profiles\AFUWeb\bin directory, where <ICCinstallDir> is the installation directory of IBM Content Collector.
  3. Type ikeyman
  4. The IBM Key Management utility opens.
  5. Create a New Self-Signed certificate using PKCS12 key database type.
  6. On the Self-Signed certificate window use the server's alias name for Common Name.
  7. Use <alias name>,<actual host name> for DNS name.
  8. Create a new certificate request. Under Key database content, select Personal Certificates Requests and click New.
  9. In the Key Label field, specify a label for the digital certificate request.
  10. Click OK. A confirmation window is displayed, verifying that you have created a request for a new digital certificate.
  11. The Personal Certificate Requests field in the IBM Key Management window shows the key label of the new digital certificate request you created.
  12. Send the file to a certificate authority (CA) to request for a new digital certificate, or cut and paste the request into the request forms of the CA's website.
  13. After the CA sends you a new digital certificate, you must delete the existing certificate and add the new one to the key database from which you generated the request.
  14. Before deleting a digital certificate, create a backup copy in case you later want to recreate it.
  15. In the IBM Key Management utility, make sure that the key database file is open and that, under Key database content, Personal Certificates and default are selected.
  16. Click Delete. You are asked to confirm the deletion. The label of the digital certificate you just deleted no longer appears in the Personal Certificates field of the IBM Key Management window.
  17. Click Receive. The Receive Certificate from a File window is displayed.
  18. Accept the default values for the certificate and click OK.
  19. Specify a label, such as Production Certificate for Content Collector, for the new certificate and click OK. The Personal Certificates field of the IBM Key Management window shows the label of the new certificate.
  20. Exit the IBM Key Management utility.
  21. Stop and restart IBM Content Collector Web Application service.

[{"Product":{"code":"SSAE9L","label":"Content Collector"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Content Collector for Email","Platform":[{"code":"PF033","label":"Windows"}],"Version":"2.2;2.1.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21502061

Page Feedback