How do I install the dynamic domain manager using custom certificates?
Installing the dynamic domain manager and its backup using custom certificates
About this task
You can install the dynamic domain manager and its backup using default certificates, as described in Installing the dynamic domain manager and backup dynamic domain manager, or you can optionally use custom certificates.
To install dynamic domain manager and backup dynamic domain manager using custom certificates, perform the following steps:
Procedure
-
Generate the custom certificates required for installing the dynamic domain manager and backup dynamic domain manager, as
follows:
openssl genrsa -des3 -out tls.key 2048
The following files are created:- ca.crt
- tls.key
- tls.crt
- Copy the files to a path of your choice on the workstation where you plan to install the dynamic domain manager or backup dynamic domain manager. When performing the installation, you provide this path using the sslkeysfolder parameter.
- Copy the tls.crt file from the master domain manager to the workstation where you plan to install the dynamic domain manager or backup dynamic domain manager. Specify a different path from the path of the above certificates to avoid overwriting the existing tls.crt.
- Rename the tls.crt file from the master domain manager to jwt.crt.
-
Copy the jwt.crt file to the same path as the certificates
generated in step 1.
You now have on the workstation where you plan to install the dynamic domain manager or backup dynamic domain manager four certificate files:
- ca.crt
- tls.key
- tls.crt
- jwt.crt
-
Browse to the folder where the serverinst command is
located:
- On Windows operating systems
- image_location\TWS\interp_name
- On UNIX operating systems
- image_location/TWS/interp_name
-
Start the installation specifying the path to the dynamic domain manager certificates
using the sslkeysfolder parameter:
- On Windows operating systems
-
cscript serverinst.vbs --acceptlicense yes --rdbmstype db_type --dbhostname db_hostname --dbport db_port --dbname db_name --dbuser db_user --dbpassword db_password --wauser wa_user --wapassword wa_password --componenttype DDM --domain domain_name --master mdm_name --mdmbrokerhostname mdm_broker_host_name --mdmhttpsport mdm_https_host_name --wlpdir Liberty_installation_dir\wlp --sslkeysfolder path_to_certificates --sslpassword certificate_password
- On UNIX operating systems
-
./serverinst.sh --acceptlicense yes --rdbmstype db_type --dbhostname db_hostname --dbport db_port --dbname db_name --dbuser db_user --dbpassword db_password --wauser wa_user --wapassword wa_password --componenttype DDM --domain domain_name --master mdm_name --mdmbrokerhostname mdm_broker_host_name --mdmhttpsport mdm_https_host_name --wlpdir Liberty_installation_dir/wlp --sslkeysfolder path_to_certificates --sslpassword certificate_password
- Repeat the same procedure for the backup dynamic domain manager.