IBM Support

Managing the SSL settings for the Optim Performance Manager web console

Product Documentation


Abstract

The embedded web application server that hosts the Optim™ Performance Manager web console normally requires minimal administration. Among the administrative tasks that might be required are renewing or importing SSL certificates for the web console by running the provided scripts. You must run these scripts with the admin user ID. The admin user ID is created locally as the default administrative user when you install the product. The default administrative user is separate from the other administrative users that are used with the product, such as database administrators.

Content

Administrative tasks that require the default administrative user

Tip: In the following tasks, OPM_installation_dir represents the installation directory of Optim Performance Manager.

Back to top

Resetting the password for the default administrative user

Before you can use the default administrative user for administrative tasks for the first time, you must reset the password for the user. Depending on the password policy of your company, you might also be required to reset this password regularly.

To reset the password for the default administrative user:

  1. Stop Optim Performance Manager.
    • On Linux and UNIX: From the OPM_installation_dir directory, run the command OPMstop.sh as the owner of the DB2® instance where Optim Performance Manager is running.
    • On Windows: From the Start menu, click All Programs > IBM Optim > IBM Optim Performance Manager - DB2_instance_name > Stop IBM Optim Performance Manager.
  2. Run the command to reset the password. From a command-line tool, on the Optim Performance Manager server, run the following command:
    • On Linux and UNIX:
      OPM_installation_dir/bin/setupcredentials.sh -updateUser admin new_password
    • On Windows:
      OPM_installation_dir\bin\setupcredentials.bat -updateUser admin new_password
      Where admin is the user ID of the default administrative user, and new_password is the updated password.
  3. Verify that the command-line console shows a success message that the password of the user admin was successfully updated.
  4. Start Optim Performance Manager.
    • On Linux and UNIX: From the OPM_installation_dir directory, run the command OPMstart.sh as the owner of the DB2 instance where Optim Performance Manager is running.
    • On Windows: From the Start menu, click All Programs > IBM Optim > IBM Optim Performance Manager - DB2_instance_name > Start IBM Optim Performance Manager.

Back to top

Updating the default self-signed SSL certificate

A self-signed SSL certificate was created when you installed the product with SSL support. This certificate expires after one year, after which users will not be able to log in to the secure web console.

Run the setupcredentials script to create a new self-signed SSL certificate for your web application server. This certificate is valid for 365 days from creation.

To update the default self-signed SSL certificate:

  1. Stop Optim Performance Manager.
    • On Linux and UNIX: From the OPM_installation_dir directory, run the command OPMstop.sh as the owner of the DB2 instance where Optim Performance Manager is running.
    • On Windows: From the Start menu, click All Programs > IBM Optim > IBM Optim Performance Manager - DB2_instance_name > Stop IBM Optim Performance Manager.
  2. Run the command to update the default self-signed SSL certificate. From a command-line tool, on the OPM server, run the following command:
    • On Linux and UNIX:
      OPM_installation_dir/bin/setupcredentials.sh -updateUser admin password
    • On Windows:
      OPM_installation_dir\bin\setupcredentials.bat -updateUser admin password
      Where admin is the user ID of the default administrative user, and password is the password for the default administrative user.
  3. Verify that the command-line console shows a success message that the self-signed certificate was successfully updated.
  4. Start Optim Performance Manager.
    • On Linux and UNIX: From the OPM_installation_dir directory, run the command OPMstart.sh as the owner of the DB2 instance where Optim Performance Manager is running.
    • On Windows: From the Start menu, click All Programs > IBM Optim > IBM Optim Performance Manager - DB2_instance_name > Start IBM Optim Performance Manager.
  5. Verify that you can log in to the web console with the secure URL:
    https://IP_address:port_number/optimdatatools/console

Back to top

Importing trusted signed SSL certificates

By default, the installer creates self-signed SSL certificates when you choose to enable HTTPS. With a self-signed certificate, with the web console prompts the user with a warning that the certificate is untrusted. If you configure your web application server to use a trusted certificate, no warning is displayed.

To import a certificate that is signed by a certificate authority:

  1. Download a valid signed certificate to your server.
  2. Stop Optim Performance Manager.
    • On Linux and UNIX: From the OPM_installation_dir directory, run the command OPMstop.sh as the owner of the DB2 instance where Optim Performance Manager is running.
    • On Windows: From the Start menu, click All Programs > IBM Optim > IBM Optim Performance Manager - DB2_instance_name > Stop IBM Optim Performance Manager.
  3. Run the command to import the trusted signed SSL certificate. From a command-line tool, on the Optim Performance Manager server, run the following command:
    • On Linux and UNIX:
      OPM_installation_dir/bin/importSSLcert.sh path_to_certificate/certificate_file_name
    • On Windows:
      OPM_installation_dir\bin\importSSLcert.bat path_to_certificate\certificate_file_name
      Where path_to_certificate is the complete path to the directory where the certificate file is stored, and certificate_file_name is the name of the certificate file that was provided by your certificate authority.
  4. Enter the default administrative user password when prompted.
  5. Start Optim Performance Manager.
    • On Linux and UNIX: From the OPM_installation_dir directory, run the command OPMstart.sh as the owner of the DB2 instance where Optim Performance Manager is running.
    • On Windows: From the Start menu, click All Programs > IBM Optim > IBM Optim Performance Manager - DB2_instance_name > Start IBM Optim Performance Manager.
  6. Verify that you can log in to the web console with the secure URL:
    https://IP_address:port_number/optimdatatools/console

Back to top

Temporarily disabling user login to the web console

Sometimes you need to temporarily disable user login to the web console for testing purposes. For example, you might want to test the Optim Performance Manager after an update before you make the web console available to your users. You can temporarily configure the web console to accept only default administrative user logins.

To temporarily disable user login to the web console:

  1. Log in to the web console as a user with administrator privileges.
  2. From the Task Manager select Setup > Console Security.
  3. Select the default administrative user login only option, and click Apply.
  4. Log out from the web console.
  5. Enter the default administrative user name and password at the login prompt to log in to the product.

Back to top

Original Publication Date

24 May 2011

[{"Product":{"code":"SSBH2R","label":"InfoSphere Optim Performance Manager for Db2 for Linux, UNIX, and Windows"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"4.1.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
08 July 2021

UID

swg27021800

Page Feedback