Configuring SSL communication between the Control Desk and TDI servers

To configure secure (SSL) communication between the Control Desk and TDI servers, import the Control Desk certificate to a keystore in your TDI environment and reference the keystore from the solution.properties file.

Before you begin

Before you perform this procedure, you must configure SSL communication for the Web application server (for example, IBM® WebSphere® Application Server) that supports your Control Desk server. Refer to the administrator guide for your supporting Web application server for instructions.

About this task

Complete the following steps from each computer that hosts a TDI server in your environment. Repeat the steps for each Control Desk server to which the TDI server connects.

Procedure

  1. Using a browser, start a Control Desk session using the SSL port that was defined when the Web application server was configured for SSL. For example, enter a URL similar to the following:

    https://tuscserver.austin.ibm.com:9443/maximo/webclient/login/login.jsp

    Log on to the Control Desk.

  2. Export the certificate to a file using DER format. The following example shows the steps for Internet Explorer:
    1. Select Properties from the File menu of the browser.
    2. Click Certificates on the Properties window.
    3. Click the Details tab on the Certificate window.
    4. Click Copy to File.
    5. Click Next on the Welcome page of the Certificate Export Wizard.
    6. Select DER format on the Export File Format page of the wizard. Click Next.
    7. In the File name field, enter the full path name of the file to which you want to export the certificate, for example, C:\certificates\tmp.cer. Click Next.
    8. Click Finish.
  3. Import the certificate into a new or existing keystore in your TDI environment. You can run the following command to import the certificate if you are using the standard Java™ keystore process. (Tivoli® Directory Integrator includes a Java distribution.) The command prompts you for a password to the keystore.

    keytool -import -file cert_file -keystore tdi_store

    where:
    cert_file
    Specifies the full path name of the file to which you exported the certificate (for example, C:\certificates\tmp.cer)
    tdi_store
    Specifies the full path name of the keystore (for example, C:\KeyRings\tdi_store.jks). The file is created if it does not exist.
  4. Use the TDI Config Editor to edit the Java properties in the solution.properties file:
    1. Start the TDI Config Editor:
      • On Windows, select Start > Programs > IBM Tivoli Directory Integrator v6.1.1 > TDI Config Editor.
      • On Linux or UNIX, run the following command:
        TDI_home_directory/ibmditk
    2. Select Edit Solution Properties from the Tools menu.

      The solution.properties file is displayed.

    3. Edit the Java properties for server authentication as follows:
      javax.net.ssl.trustStore=tdi_store
      javax.net.ssl.trustStorePassword=password
      javax.net.ssl.trustStoreType=jks
      where:
      tdi_store
      Specifies the full path name of the keystore (for example, C:\KeyRings\tdi_store.jks)
      password
      Specifies the password to the keystore
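
A pre-flight check for the result of steps 2 to 4, added here as an example and not part of the original documentation. It computes the SHA-256 fingerprint of the exported DER file, so that the value can be compared with one obtained from the Control Desk server administrator before the certificate is trusted, and it checks the three trust-store properties in solution.properties. The function names, the simplified properties parser, the constructed sample files and the POSIX-only permission check are assumptions of this example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

P = "javax.net.ssl."
REQUIRED = (P + "trustStore", P + "trustStorePassword", P + "trustStoreType")
JKS_MAGIC = bytes.fromhex("FEEDFEED")  # first four bytes of a JKS keystore file

def der_fingerprint(cert_path):
    """SHA-256 of the exported DER file, colon-separated upper-case hex."""
    digest = hashlib.sha256(Path(cert_path).read_bytes()).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def read_props(path):
    """Simplified key=value reader: skips blank lines and #/! comments."""
    props = {}
    for line in Path(path).read_text(encoding="latin-1").splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_truststore_config(props_path):
    """Return a list of problems found in the trust-store settings."""
    props = read_props(props_path)
    problems = ["missing " + k for k in REQUIRED if not props.get(k)]
    if props.get(P + "trustStoreType", "jks").lower() != "jks":
        problems.append("trustStoreType is not jks")
    store = props.get(P + "trustStore")
    if store and not os.path.isfile(store):
        problems.append("trustStore file not found")
    elif store and Path(store).read_bytes()[:4] != JKS_MAGIC:
        problems.append("trustStore is not a JKS file")
    # The keystore password is stored in this file (POSIX-only mode check).
    if os.name == "posix" and os.stat(props_path).st_mode & 0o077:
        problems.append("solution.properties accessible to group/others")
    return problems

def demo():
    """Constructed sample: 4-byte stand-in keystore plus matching properties."""
    d = Path(tempfile.mkdtemp())
    store, props = d / "tdi_store.jks", d / "solution.properties"
    store.write_bytes(JKS_MAGIC)
    props.write_text(f"{P}trustStore={store}\n{P}trustStorePassword=changeit\n"
                     f"{P}trustStoreType=jks\n")
    props.chmod(0o600)
    return check_truststore_config(props)
```

Call der_fingerprint on the file exported in step 2 and check_truststore_config on the solution.properties file edited in step 4; an empty list means no problem was found.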

