Importing NOI TLS root CA certificate into the CEM Gateway Helm Chart

Flashes (Alerts)

Abstract

This technote is intended for users wanting to import and trust a TLS root CA certificate for NOI.

Content

When a root CA signer is used to sign the ObjectServer TLS certificate in NOI on OCP, the CEM Gateway chart needs to import and trust the root CA signer certificate in the CEM Gateway key database file (omni.kdb). If the CA signer certificate is not imported and trusted, the CEM Gateway cannot connect to the ObjectServer on OCP due to a TLS handshake error.

From this technote, you can download a patch containing the following scripts that you can use to import a TLS root CA certificate:

create-noi-secret.sh
create-noi-secret.config

Two new optional parameters have been added into the "create-noi-secret.config" script configuration file, namely: "CA_SIGNER_CERTIFICATE_FILE" and "CA_SIGNER_LABEL". Configure these parameters to import a root CA signer certificate for NOI.

To import a NOI TLS root CA certificate, download the patched scripts and use Steps 1-4 in section 2. Preparing ObjectServer communication secret on the following page of the Knowledge Center:

https://www.ibm.com/support/knowledgecenter/SSSHTQ/omnibus/helms/cloud_event_management/wip/reference/cemgwh_preinstall_tasks.html#cemgwh_preinstall_tasks__prep_os

To download the patched scripts, right-click on the following link and save the file to an appropriate location:
create-noi-secret.tar.gz

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSHTQ","label":"Tivoli Netcool\/OMNIbus"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Tips

Importing NOI TLS root CA certificate into the CEM Gateway Helm Chart

Flashes (Alerts)

Abstract

Content

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?