Creating a self-signed certificate
To generate the certificate for a broker you can use the IBM Key Management tool. This tool is provided with the BigFix® Remote Control application and with IBM WebSphere Application Server.
About this task
Note: If you are using WAS, make sure that the 7.0.0-WS-WASSDK-*-FP0000021 update or later has been applied, where * is the platform. For example, 7.0.0-WS-WASSDK-WinX32-FP0000021.
To create a new keystore, complete the following steps.
Procedure
- Open a command prompt window.
- Navigate to one of the following directories, depending on where you will run the key tool from. For example, on a Windows system, go to C:\Program Files (x86)\IBM\Tivoli\TRC\server\java\jre\bin
  - Remote control server installed with embedded components
    - Navigate to the BigFix® Remote Control installation directory.
  - WAS installed
    - Navigate to the WAS installation directory.
  - Controller component installed
    - Navigate to the ...\Controller\jre directory. For example,
      - Windows™ systems
        - C:\Program Files\IBM\tivoli\Remote Control\Controller\jre
      - Linux™ systems
        - /opt/ibm/trc/controller/jre
- Change to the bin directory.
- Run the ikeyman file relevant to your operating system.
  - Windows™ systems
    - ikeyman.bat
  - Linux™ systems
    - ikeyman.sh
- Select
- Select PKCS12 for Key database type.
- Click Browse, navigate to the location you want to store the keystore, type a filename for your file and click Save.
- Click OK.
- Enter and confirm a password to protect the keystore and click OK.
- Select
- Enter a name for the Key Label. For example, the hostname of the broker. This is the name that will be displayed in the Personal Certificates list in the key management tool GUI.
- Select X509 V3 for the Version.
- Select a Key Size value. Default is 1024. Recommended value is 2048.
- Select a Signature Algorithm. This is a cryptographic algorithm for digital signatures and should be left as the default value SHA256WithRSA.
- Type a Common Name. Set to the DNS host name and domain of your broker. For example, trcbroker.example.com
- Enter any additional optional information as required.
- Enter a Validity Period. This is the number of days that the certificate will be valid for. Default is 365 days.
- Click OK.
Results
Note: The key store contains the private key for the certificate and this must be kept secure at all times. It is recommended that the original copy of the keystore is stored in a secure disk, for example an encrypted USB storage device or similar. Keeping a secure backup of the original keystore is also recommended.
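
To confirm that a finished keystore carries the values chosen in the procedure (key size, signature algorithm, Common Name), the certificate can be inspected with OpenSSL. The script below is an added example, not part of the product documentation; the function names and the KS_PASS environment variable are assumptions, and the sample certificate text is constructed.

```shell
#!/bin/sh
# Added example: audit a certificate against the values the procedure recommends.
# Input is the text form printed by `openssl x509 -noout -text`.

# audit_cert_text EXPECTED_CN   (certificate text on stdin)
# Prints one FAIL line per finding and returns 0 only when there are none.
audit_cert_text() {
    expected_cn=$1
    text=$(cat)
    findings=0

    # Key size: the tool defaults to 1024, the procedure recommends 2048.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL key size: ${bits:-unknown} bits, expected 2048 or more"
        findings=$((findings + 1))
    fi

    # Signature algorithm: OpenSSL prints SHA256WithRSA as sha256WithRSAEncryption.
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    if [ "$sigalg" != "sha256WithRSAEncryption" ]; then
        echo "FAIL signature algorithm: ${sigalg:-unknown}"
        findings=$((findings + 1))
    fi

    # Common Name: must be the broker's DNS host name and domain.
    cn=$(printf '%s\n' "$text" | sed -n 's|^ *Subject:.*CN *= *\([^,/]*\).*|\1|p' | head -n 1)
    if [ "$cn" != "$expected_cn" ]; then
        echo "FAIL common name: ${cn:-unknown}, expected $expected_cn"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# audit_keystore FILE.p12 EXPECTED_CN
# KS_PASS is an assumed environment variable holding the keystore password.
audit_keystore() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:KS_PASS |
        openssl x509 -noout -text | audit_cert_text "$2"
}

# Constructed sample: a certificate left at the 1024-bit default key size.
SAMPLE='        Signature Algorithm: sha256WithRSAEncryption
        Subject: CN = trcbroker.example.com
                Public-Key: (1024 bit)'
printf '%s\n' "$SAMPLE" | audit_cert_text trcbroker.example.com || echo "certificate needs to be reissued"
```

Passing the password through an environment variable keeps it out of the process list; `-nokeys` ensures the private key is never written to the terminal during the check.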