• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

How to generate a csr file for the TSM ISC / Admin Centre v6.3 on AIX 7.1

jharris

ADSM.ORG Member
#1
We use https://xxxx.xxx.xxx:16311/ibm/console to access our new TSM v6.3 ISC and Admin Centre and our web browsers pop up the message:
"There is a problem with this website's security certificate."

This is not a big problem as you can still continue, even though the certificate being provided is not trusted.

Anyway, we actually have a local Certificate Authority server and I need to generate the necessary CSR file from the ISC to load onto the CA server so that the ISC's certificate will now be accepted as a trusted certificate.

Can anyone point me to the steps I need to follow to generate/obtain this CSR file, so that I can get it loaded onto our Certificate Authority server?

Cheers.
 

moon-buddy

ADSM.ORG Moderator
#2
We use https://xxxx.xxx.xxx:16311/ibm/console to access our new TSM v6.3 ISC and Admin Centre and our web browsers pop up the message:
"There is a problem with this website's security certificate."

This is not a big problem as you can still continue, even though the certificate being provided is not trusted.

Anyway, we actually have a local Certificate Authority server and I need to generate the necessary CSR file from the ISC to load onto the CA server so that the ISC's certificate will now be accepted as a trusted certificate.

Can anyone point me to the steps I need to follow to generate/obtain this CSR file, so that I can get it loaded onto our Certificate Authority server?

Cheers.
Why would you need a certificate?

This is not a commercial application that the public needs to access. Just put this website on your trusted list.
 

jharris

ADSM.ORG Member
#3
Why would you need a certificate?

This is not a commercial application that the public needs to access. Just put this website on your trusted list.
Moonbuddy, because our organisation locks down that function in the web browsers by group policy and will only allow certificates from a trusted source to be accepted (ie. Administrators can not manually add IP addresses of trusted sites in their web browsers).

So, we have a CA server running for our internal intranet SSL applications and I need to configure the ISC on there.
 

moon-buddy

ADSM.ORG Moderator
#4
Moonbuddy, because our organisation locks down that function in the web browsers by group policy and will only allow certificates from a trusted source to be accepted (ie. Administrators can not manually add IP addresses of trusted sites in their web browsers).

So, we have a CA server running for our internal intranet SSL applications and I need to configure the ISC on there.
As a Security Professional, I don't agree with this type of policies. A DO policy can be put in place for this type of access.

This argument aside, I don't think there is a way for certificates to work for and with TSM servers. I am not aware that the TSM server can present a certificate to the 'outside' world. I don't think it has the necessary code in its structure for certificate 'presentation'.

But I maybe wrong.

Your best bet is to call IBM.
 

jharris

ADSM.ORG Member
#5
Cheers Mate ... Yeah, I did have a quick chat with IBM (with no luck) as I had an open PMR due to the crappy performance of the ISC/Admin Centre we're also experiencing. Anyway, I'm of the opinion that now the Admin Centre runs on top of TEP and our Systems Management department I believe has their TEP servers working through our CA server, I'll go chat with them... see what they say. Otherwise I'll take your advise and raise a seperate PMR for it.
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 18 20.0%
  • Keep using TSM for Spectrum Protect.

    Votes: 55 61.1%
  • Let's be formal and just say Spectrum Protect

    Votes: 10 11.1%
  • Other (please comement)

    Votes: 7 7.8%

Forum statistics

Threads
31,497
Messages
134,253
Members
21,587
Latest member
jqei
Top