Oracle® Enterprise Manager IBM Tivoli Netcool/OMNIbus Connector Installation and Configuration Guide
Release 12.1 (12.1.0.2.0)

Part Number E36154-03

6 Enabling SSL for HTTPS

This chapter provides the following procedures for configuring the IBM Tivoli Netcool/OMNIbus Connector to use the HTTPS protocol:

6.1 Configure Oracle Enterprise Manager to Use SSL

If the web service for Netcool/OMNIbus was configured to run using the HTTPS protocol, you must perform the following steps to set up SSL:

  1. Install an SSL certificate in the web service for Netcool/OMNIbus keystore. You must either install a self-signed certificate or install a certificate obtained from a Certificate Authority (CA).

  2. Restart the web service for Netcool/OMNIbus for the changes to take effect.

  3. Import the SSL certificate from the web service for Netcool/OMNIbus keystore into the Enterprise Manager keystore as specified in Section 6.4, Importing the Web Service Certificate into Enterprise Manager.

6.2 Installing a Self-Signed Certificate

To generate and install a self-signed SSL certificate for the Netcool/OMNIbus adapter web service:

  1. Open a command prompt window and change the working directory to the adapters/conf directory in the web service for Netcool/OMNIbus installation directory.

  2. Enter the following command to delete the default SSL entry from the web service for Netcool/OMNIbus keystore:

    • Unix

      $JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows

      "%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
  3. Enter the following command to generate a new certificate and place it in the web service for Netcool/OMNIbus keystore. You will need to replace <hostname> with the host name or IP address of the system where the web service for Netcool/OMNIbus is installed.

    Note:

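    The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service. The -keysize 1024 value in the command is the one this guide specifies; keytool also accepts larger RSA sizes such as 2048, and RSA keys shorter than 2048 bits are below current minimum recommendations such as NIST SP 800-131A.

    • Unix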

      $JAVA_HOME/bin/keytool -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows

      "%JAVA_HOME%\bin\keytool" -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      

6.3 Installing a Certificate from a Certificate Authority

To request and install a signed SSL certificate for the web service for Netcool/OMNIbus:

  1. Request a certificate for the web service for Netcool/OMNIbus from a Certificate Authority, such as VeriSign.

    Note:

    In the certificate request, make sure to specify the host name or IP address of the system where the web service for Netcool/OMNIbus is installed. The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.

  2. After you obtain the certificate from the Certificate Authority, open a command prompt window and change the working directory to the adapters/conf directory in the web service for Netcool/OMNIbus installation directory.

  3. Enter the following command to delete the default SSL entry from the web service for Netcool/OMNIbus keystore:

    • Unix

      $JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows

      "%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
  4. Enter the following command to install the certificate, where <certificateFile> is the full path name of the file provided by the Certificate Authority:

    • Unix

      $JAVA_HOME/bin/keytool -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows

      "%JAVA_HOME%\bin\keytool" -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      

6.4 Importing the Web Service Certificate into Enterprise Manager

To import the web service for Netcool/OMNIbus SSL certificate into the Enterprise Manager keystore:

  1. Open a command prompt window and change the working directory to the adapters/conf directory in the web service for Netcool/OMNIbus installation directory.

  2. Issue the following command to extract the SSL certificate from the web service for Netcool/OMNIbus keystore and place it in the OMNIbusws.cer certificate file:

    • Unix

      $JAVA_HOME/bin/keytool -exportcert -rfc -alias iwave -file OMNIbusws.cer -keystore keystore.jks -storepass iwavepw
      
    • Windows

      "%JAVA_HOME%\bin\keytool" -exportcert -rfc -alias iwave -file OMNIbusws.cer -keystore keystore.jks -storepass iwavepw
      
  3. Transfer the certificate file OMNIbusws.cer to the system where Enterprise Manager is installed.

  4. Append the contents of the OMNIbusws.cer file to:

    $INSTANCE_HOME/sysman/config/b64LocalCertificate.txt
    
  5. Ensure that only the following lines are appended to the b64LocalCertificate.txt file (that is, do not include blank lines, comments, or any other special characters):

    -----BEGIN CERTIFICATE-----
    <<<Certificate in Base64 format>>>
    -----END CERTIFICATE-----
    
  6. Restart OMS by running the following commands:

    emctl stop oms
    emctl start oms
    

    Note:

    Do not run the emctl secure oms/agent command after adding the external certificate to the b64LocalCertificate.txt file. If you run the emctl secure command later, then repeat steps 4 through 6 to make sure the external certificate exists in the b64LocalCertificate.txt file.
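
Steps 4 and 5 can be guarded with a small script. The following is an added example, not part of the Oracle guide: it refuses a file that is not exactly one clean PEM block and skips the append when the certificate is already present, so it is safe to re-run after emctl secure. The function names and the script name append_cert.sh are hypothetical.

```shell
#!/bin/sh
# Added example: guard steps 4-5 when appending an exported certificate.

# pem_is_clean FILE: true only if FILE is one BEGIN/END CERTIFICATE block with
# Base64 lines between and nothing else (no blank lines, comments, CRs).
pem_is_clean() {
    awk '
        NR == 1 { if ($0 != "-----BEGIN CERTIFICATE-----") bad = 1; next }
        ended   { bad = 1; next }                 # content after END
        $0 == "-----END CERTIFICATE-----" { ended = 1; next }
        /^[A-Za-z0-9+\/=]+$/ { body++; next }     # a Base64 line
                { bad = 1 }                       # anything else
        END     { exit (bad || !ended || !body) }
    ' "$1"
}

# cert_bodies FILE: print each certificate's Base64 joined onto one line,
# so two copies of a certificate compare equal regardless of line wrapping.
cert_bodies() {
    awk '/^-----END/ { print buf; buf = ""; next } !/^-----/ { buf = buf $0 }' "$1"
}

# append_cert CERFILE TRUSTFILE: append only a clean, not-yet-present block.
append_cert() {
    cer=$1; trust=$2
    if ! pem_is_clean "$cer"; then
        echo "rejected: $cer is not a single clean PEM certificate block" >&2
        return 2
    fi
    if [ -f "$trust" ] && cert_bodies "$trust" | grep -qxF -- "$(cert_bodies "$cer")"; then
        echo "unchanged: certificate already present in $trust"
        return 0
    fi
    # If the last line of TRUSTFILE is unterminated, end it first so that
    # BEGIN CERTIFICATE starts on a line of its own.
    if [ -s "$trust" ] && [ -n "$(tail -c 1 "$trust")" ]; then
        echo >> "$trust"
    fi
    awk '{ print }' "$cer" >> "$trust"   # print restores a missing final newline
    echo "appended: $cer -> $trust"
}

# Usage: sh append_cert.sh OMNIbusws.cer "$INSTANCE_HOME/sysman/config/b64LocalCertificate.txt"
if [ "$#" -eq 2 ]; then append_cert "$1" "$2"; fi
```

A certificate file transferred from Windows with CRLF line endings is rejected by this check; convert it to LF line endings before appending.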