How to generate a csr file for the TSM ISC / Admin Centre v6.3 on AIX 7.1

jharris

ADSM.ORG Member
Joined
May 24, 2004
Messages
166
Reaction score
0
Points
0
Location
Victoria, Australia
Website
Visit site
PREDATAR Control23

We use https://xxxx.xxx.xxx:16311/ibm/console to access our new TSM v6.3 ISC and Admin Centre and our web browsers pop up the message:
"There is a problem with this website's security certificate."

This is not a big problem as you can still continue, even though the certificate being provided is not trusted.

Anyway, we actually have a local Certificate Authority server and I need to generate the necessary CSR file from the ISC to load onto the CA server so that the ISC's certificate will now be accepted as a trusted certificate.

Can anyone point me to the steps I need to follow to generate/obtain this CSR file, so that I can get it loaded onto our Certificate Authority server?

Cheers.
 
PREDATAR Control23

We use https://xxxx.xxx.xxx:16311/ibm/console to access our new TSM v6.3 ISC and Admin Centre and our web browsers pop up the message:
"There is a problem with this website's security certificate."

This is not a big problem as you can still continue, even though the certificate being provided is not trusted.

Anyway, we actually have a local Certificate Authority server and I need to generate the necessary CSR file from the ISC to load onto the CA server so that the ISC's certificate will now be accepted as a trusted certificate.

Can anyone point me to the steps I need to follow to generate/obtain this CSR file, so that I can get it loaded onto our Certificate Authority server?

Cheers.

Why would you need a certificate?

This is not a commercial application that the public needs to access. Just put this website on your trusted list.
 
PREDATAR Control23

Why would you need a certificate?

This is not a commercial application that the public needs to access. Just put this website on your trusted list.

Moonbuddy, because our organisation locks down that function in the web browsers by group policy and will only allow certificates from a trusted source to be accepted (ie. Administrators can not manually add IP addresses of trusted sites in their web browsers).

So, we have a CA server running for our internal intranet SSL applications and I need to configure the ISC on there.
 
PREDATAR Control23

Moonbuddy, because our organisation locks down that function in the web browsers by group policy and will only allow certificates from a trusted source to be accepted (ie. Administrators can not manually add IP addresses of trusted sites in their web browsers).

So, we have a CA server running for our internal intranet SSL applications and I need to configure the ISC on there.

As a Security Professional, I don't agree with this type of policies. A DO policy can be put in place for this type of access.

This argument aside, I don't think there is a way for certificates to work for and with TSM servers. I am not aware that the TSM server can present a certificate to the 'outside' world. I don't think it has the necessary code in its structure for certificate 'presentation'.

But I maybe wrong.

Your best bet is to call IBM.
 
PREDATAR Control23

Cheers Mate ... Yeah, I did have a quick chat with IBM (with no luck) as I had an open PMR due to the crappy performance of the ISC/Admin Centre we're also experiencing. Anyway, I'm of the opinion that now the Admin Centre runs on top of TEP and our Systems Management department I believe has their TEP servers working through our CA server, I'll go chat with them... see what they say. Otherwise I'll take your advise and raise a seperate PMR for it.
 
Top