• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

ISC certificate problem

droach

ADSM.ORG Senior Member
#1
I installed ISC 6.1 on a Windows server. If I enter the FQDN in the browser (HTTPS://servername.myworld.com:9043) the ISC opens, and I can navigate to different pages, but if I try to do anything (like add a user/server) nothing happens. No error message and no prompts for information.

If DO NOT use the FQDN in the browser (HTTPS://servername:9043) I get a invalid certificate warning, but if I continue on all the web pages function properly.

It looks like the certificate was generated with a FQDN, but the ISC is expecting only the servername. Has anyone else seen this or know how to fix it. Reinstalling the certificate does not work. I think I need to recreate it without the FQDN, but I do not know how to do this.

Thanks,
Daryl
 

droach

ADSM.ORG Senior Member
#2
I figured out a solution...

From the ISC:
Open 'SSL certificate and key management' > 'Manage endpoint security configurations' > Click on the Inbound tsmNode > Click 'Manage Certificates'

Click 'Create a self-signed certificate' and for the "Common name" enter the servername (without the FQDN). Save it

Back on the tsmNode page under 'Specific SSL configuration for this endpoint' select your new certificate from the drop-down 'Certificate alias in key store'. Save it.

I thought I would have to do the same thing for the Outbound tsmNode, but when I went there is was already changed to my new certificate.

Probably could have replaced the default certificate with mine, but did not try.
 

jharris

ADSM.ORG Member
#3
Hmmm, I'm still having problems with this since we've starting rolling out IE8.

So, I just want to use a DNS alias called 'tsmisc'.... FQDN in our DNS server would be tsmisc.blah.int.

I've gone into inbound node certificate management and created a new certificate...
I put 'tsmisc' into the alias field and the common name field (not sure if the common name should be 'tsmisc' or 'tsmisc.blah.int'), filled out the validity period for 10 years and placed something into the organization field (all of these fields are mandatory).
Clicked Apply and saved my changes.

Now, when entering the manage endpoint security for the inbound node, I have in the 'certificate alias in key store' drop down box, 2 certificates ... one called 'default', the other called 'tsmisc'.
I didn't know if I had to make the new cert the primary certificate or something, so I've selected 'tsmisc' and clicked apply on that screen.

IE8 still reports the error using https://tsmisc.blah.int/ibm/console/ as the URL ... so I restarted the TsmAC service on the server and still nothing ... then I cleared my cert cache from my IE8 client and it still warns me.

Should I delete the default certificate? I'm worried I'll break it for the other users if this doesn't work.

Cheers
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 17 19.5%
  • Keep using TSM for Spectrum Protect.

    Votes: 53 60.9%
  • Let's be formal and just say Spectrum Protect

    Votes: 10 11.5%
  • Other (please comement)

    Votes: 7 8.0%

Forum statistics

Threads
31,469
Messages
134,128
Members
21,569
Latest member
srinathkodela
Top