ISC certificate problem

droach

droach

ADSM.ORG Senior Member
Joined
Jan 7, 2008
Messages
239
Reaction score
13
Points
0
Location
Cut and Shoot, Texas
I installed ISC 6.1 on a Windows server. If I enter the FQDN in the browser (HTTPS://servername.myworld.com:9043) the ISC opens, and I can navigate to different pages, but if I try to do anything (like add a user/server) nothing happens. No error message and no prompts for information.

If DO NOT use the FQDN in the browser (HTTPS://servername:9043) I get a invalid certificate warning, but if I continue on all the web pages function properly.

It looks like the certificate was generated with a FQDN, but the ISC is expecting only the servername. Has anyone else seen this or know how to fix it. Reinstalling the certificate does not work. I think I need to recreate it without the FQDN, but I do not know how to do this.

Thanks,
Daryl
 
I figured out a solution...

From the ISC:
Open 'SSL certificate and key management' > 'Manage endpoint security configurations' > Click on the Inbound tsmNode > Click 'Manage Certificates'

Click 'Create a self-signed certificate' and for the "Common name" enter the servername (without the FQDN). Save it

Back on the tsmNode page under 'Specific SSL configuration for this endpoint' select your new certificate from the drop-down 'Certificate alias in key store'. Save it.

I thought I would have to do the same thing for the Outbound tsmNode, but when I went there is was already changed to my new certificate.

Probably could have replaced the default certificate with mine, but did not try.
 
Hmmm, I'm still having problems with this since we've starting rolling out IE8.

So, I just want to use a DNS alias called 'tsmisc'.... FQDN in our DNS server would be tsmisc.blah.int.

I've gone into inbound node certificate management and created a new certificate...
I put 'tsmisc' into the alias field and the common name field (not sure if the common name should be 'tsmisc' or 'tsmisc.blah.int'), filled out the validity period for 10 years and placed something into the organization field (all of these fields are mandatory).
Clicked Apply and saved my changes.

Now, when entering the manage endpoint security for the inbound node, I have in the 'certificate alias in key store' drop down box, 2 certificates ... one called 'default', the other called 'tsmisc'.
I didn't know if I had to make the new cert the primary certificate or something, so I've selected 'tsmisc' and clicked apply on that screen.

IE8 still reports the error using https://tsmisc.blah.int/ibm/console/ as the URL ... so I restarted the TsmAC service on the server and still nothing ... then I cleared my cert cache from my IE8 client and it still warns me.

Should I delete the default certificate? I'm worried I'll break it for the other users if this doesn't work.

Cheers
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,967
Messages
135,414
Members
21,947
Latest member
dylbrawn
Back
Top