Question & Answer
Question
The default certificate used to secure the HTTPS connection of the AMC server is a self-signed certificate. How can this be changed?
Cause
The self-signed certificate is generated by CN=www.ibm.com, OU=STG, O=IBM, L=Austin, S=TX, C=US.
- To change the certificates involved with the connection from a browser to AMC over HTTPS, modify the parameters found in <TDI>/lwi/conf/webcontainer.properties.
- Changing the certificates involved with the connection from AMC to the TDI Server, for which the parameters are found in the <TDI>/lwi/runtime/isc/eclipse/plugins/AMC_7.1.1.0/amc.properties file, is not discussed in this technote.
Answer
To update the Web container properties, complete the following steps:
1. Change to the applicable directory:
| Option | Description |
| For Linux | install_root/lwi/conf |
| For Windows | install_root\lwi\conf |
where install_root is the root directory of your IBM Tivoli Directory Integrator installation.
*Note: This path uses the backslash (\) to delimit the directory; depending on the system that you are using, you might be required to enter the path using the forward slash (/).
2. Change the name of the webcontainer.properties file to webcontainer.properties.bak.
3. In the same directory, create a file named sslconfig and copy the contents of webcontainer.properties.bak to the sslconfig file.
4. Using a text editor, edit the sslconfig file. Specify only plain text values for the passwords in the sslconfig file.
5. Specify com.ibm.ssl.keyStorePassword.secure_port=new_password
- secure_port is the secure port that IBM Tivoli Directory Integrator AMC Server uses. Use the secure port value indicated in your properties file.
- new_password is the password that you set in one of the following steps:
6. Specify com.ibm.ssl.trustStorePassword.secure_port=new_password
- Refer to the bullet points in step 5.
7. Specify the new locations for:
com.ibm.ssl.trustStore.secure_port=fileLocation
com.ibm.ssl.keyStore.secure_port=fileLocation
The default location of the jks file is install_root/lwi/security/keystore. Set the location according to your deployment's requirements.
8. Delete the line sslEnabled=true from the sslconfig file.
9. Save the sslconfig file.
10. Restart IBM Tivoli Directory Integrator AMC Server by completing the applicable steps.
| Option | Description |
| For Linux | Type the following command: <TDI>/bin/amc/amcservice start am amc |
| For Windows | Type the following command: <TDI>\bin\amc\amcservice start am amc |
| For Windows (Services) | a. Right-click My Computer and select Manage. b. In the Computer Management window, expand Services and Applications > Services. c. In the Services pane, right-click IBM Tivoli Directory Integrator Administration and Monitoring Console - AMC and select Start. d. Exit from the Computer Management window. |
When you restart IBM Tivoli Directory Integrator AMC Server, the sslconfig file is used to automatically create a new webcontainer.properties file and encrypt the new password in this file. After the new webcontainer.properties file has been created, IBM Tivoli Directory Integrator Server deletes the sslconfig file because it is no longer needed.
11. After you start and connect to IBM Tivoli Directory Integrator AMC Server, you can delete the webcontainer.properties.bak file manually.
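Steps 2 to 9 on Linux, written as a script. This is an added example, not part of the IBM technote. The function name make_sslconfig and the TDI_STORE_PASSWORD variable are assumptions of this sketch, and it treats the file as plain key=value lines.

```shell
#!/bin/sh
# Added example (not IBM's code): steps 2-9 of the procedure above, for Linux.
# Assumes the new store password is supplied in the TDI_STORE_PASSWORD
# variable (a name chosen for this sketch) so it stays off the command line.
# Usage: make_sslconfig CONF_DIR SECURE_PORT KEYSTORE_PATH TRUSTSTORE_PATH
make_sslconfig() {
    conf_dir=$1; port=$2; keystore=$3; truststore=$4
    src="$conf_dir/webcontainer.properties"
    bak="$src.bak"
    out="$conf_dir/sslconfig"

    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    if [ -e "$bak" ] || [ -e "$out" ]; then
        echo "$bak or $out already exists; not overwriting" >&2; return 1
    fi
    [ -n "${TDI_STORE_PASSWORD:-}" ] || { echo "TDI_STORE_PASSWORD is empty" >&2; return 1; }

    mv "$src" "$bak" || return 1                      # step 2

    # Steps 3-9. sslconfig holds plain text passwords until the restart,
    # so the subshell creates it readable by its owner only.
    (
        umask 077
        PORT=$port KS=$keystore TS=$truststore PW=$TDI_STORE_PASSWORD awk '
            BEGIN {
                p = ENVIRON["PORT"]
                val["com.ibm.ssl.keyStorePassword." p]   = ENVIRON["PW"]   # step 5
                val["com.ibm.ssl.trustStorePassword." p] = ENVIRON["PW"]   # step 6
                val["com.ibm.ssl.keyStore." p]           = ENVIRON["KS"]   # step 7
                val["com.ibm.ssl.trustStore." p]         = ENVIRON["TS"]
            }
            /^[ \t]*sslEnabled[ \t]*=[ \t]*true[ \t\r]*$/ { next }          # step 8
            {
                i = index($0, "=")
                key = (i > 0) ? substr($0, 1, i - 1) : ""
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                if (key in val) { print key "=" val[key]; seen[key] = 1; next }
                print
            }
            # Add any of the four keys the original file did not contain.
            END { for (k in val) if (!(k in seen)) print k "=" val[k] }
        ' "$bak" > "$out"
    )
}

if [ "$#" -eq 4 ]; then make_sslconfig "$@"; fi
```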
Document Information
Modified date:
21 June 2018
UID
swg21635183