Oracle® Enterprise Manager IBM Tivoli Netcool/OMNIbus Connector Installation and Configuration Guide Release 12.1 (12.1.0.2.0) Part Number E36154-03 |
|
|
PDF · Mobi · ePub |
This chapter provides the following procedures for configuring the IBM Tivoli Netcool/OMNIbus Connector to use the HTTPS protocol:
If the web service for Netcool/OMNIbus was configured to run using the HTTPS protocol, you must perform the following steps to set up SSL:
Install an SSL certificate in the web service for Netcool/OMNIbus keystore. You must either install a self-signed certificate or install a certificate obtained from a Certificate Authority (CA).
To install a self-signed certificate, perform the steps specified in Installing a Self-Signed Certificate.
To install a certificate from a CA, perform the steps specified in Installing a Certificate from a Certified Authority.
Restart the web service for Netcool/OMNIbus for the changes to take effect.
Import the SSL certificate from the web service for Netcool/OMNIbus keystore into the Enterprise Manager keystore as specified in Importing the Web Service Certificate into Enterprise Manager.
To generate and install a self-signed SSL certificate for the Netcool/OMNIbus adapter web service:
Open a command prompt window and change the working directory to the adapters/conf
directory in the web service for Netcool/OMNIbus installation directory.
Enter the following command to delete the default SSL entry from the web service Netcool/OMNIbus keystore:
Unix
$JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Windows
"%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Enter the following command to generate a new certificate and place it in the web service for Netcool/OMNIbus keystore. You will need to replace <hostname>
with the host name or IP address of the system where the web service for Netcool/OMNIbus is installed.
Note:
The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.Unix
$JAVA_HOME/bin/keytool -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Windows
"%JAVA_HOME%\bin\keytool" -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
To request and install a signed SSL certificate for the web service for Netcool/OMNIbus:
Request a certificate for the web service for Netcool/OMNIbus from a Certificate Authority, such as VeriSign.
Note:
In the certificate request, make sure to specify the host name or IP address of the system where the web service for Netcool/OMNIbus is installed. The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.After you obtain the certificate from the Certificate Authority, open a command prompt window and change the working directory to the adapters/conf
directory in the web service for Netcool/OMNIbus installation directory.
Enter the following command to delete the default SSL entry from the web service for Netcool/OMNIbus keystore:
Unix
$JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Windows
"%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Enter the following command to install the certificate, where <certificateFile>
is the full path name of the file provided by the Certificate Authority:
Unix
$JAVA_HOME/bin/keytool -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Windows
"%JAVA_HOME%\bin\keytool" -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
To import the web service for Netcool/OMNIbus SSL certificate into the Enterprise Manager keystore:
Open a command prompt window and change the working directory to the adapters/conf
directory in the web service for Netcool/OMNIbus installation directory.
Issue the following command to extract the SSL certificate from the web service Netcool/OMNIbus keystore and place it in the OMNIbusws.cer
certificate file:
Unix
$JAVA_HOME/bin/keytool -exportcert -rfc -alias iwave -file OMNIbusws.cer -keystore keystore.jks -storepass iwavepw
Windows
"%JAVA_HOME%\bin\keytool" -exportcert -rfc -alias iwave -file OMNIbusws.cer -keystore keystore.jks -storepass iwavepw
Transfer the certificate file OMNIbusws.cer
to the system where Enterprise Manager is installed.
Append the contents of the OMNIbusws.cer
file to:
$INSTANCE_HOME/sysman/config/b64LocalCertificate.txt
Ensure that only the following lines are appended to the b64LocalCertificate.txt
file (that is, do not include blank lines, comments, or any other special characters):
-----BEGIN CERTIFICATE----- <<<Certificate in Base64 format>>> -----END CERTIFICATE-----
Restart OMS by running the following commands:
emctl stop oms emctl start oms
Note:
Do not run theemctl secure oms/agent
command after adding the external certificate to the b64LocalCertificate.txt
file. If you run the emctl secure
command later, then repeat steps 4 through 6 to make sure the external certificate exists in the b64LocalCertificate.txt
file.