Self Service Portal SSL Connection

Usage and Config
1

I am trying to setup the Self Service Portal, and everything seems to be working except for the invalid certificate warning when I first connect to the portal. There is good documentation for the setup of SSL on Web Reports, but I am not finding that documentation for Self Service Portal.

1 Like
2

Here is what ended up working for me.

Configuring HTTPS for Self Service Portal

Refer to the following link.

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Multitenancy%20Setup%20for%20the%20Self%20Service%20Portal%2C%20SSP

From this link here is the relevant information.

Configuring SSL Certificates and Hostname

NOTE: You must stop the service to run these commands.

If you are using officially signed SSL certificates, rename the SSL private key as ssl_key.pem, the certificate should be named ssl_cert.pem, and if you have an intermediate certificate bundle, it should be named ssl_bundle.pem. After putting these files in place, you must run the following command:

ssp.bat recreate_keystore

Missing Details

• Run ssp.bat from an administrator command prompt.
• Run the command from this path is C:\Program Files (x86)\BigFix Enterprise\Management Extender\MDM Provider\utils.
• The ssl_bundle.pem was not used. Apparently it is not necessary in this case.
SSl_key.pem and SSL_cert.pem were copied to: \\SSP Server\c$\Program Files (x86)\BigFix Enterprise\Management Extender\MDM Provider\private\ssp.

How to Create SSL_Key.pem and SSL_cert.pem

Refer to the following link for configuring HTTPS for Web Reports to create the ssl_key.pem and ssl_cert.pem.

http://www-01.ibm.com/support/knowledgecenter/SS63NW_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_configuring_web_reports_for_ht.html?cp=SS63NW_9.2.0%2F1-4-1-5

Here is the gist of the process for creating the ssl_key.pem and ssl_cert.pem.

Create a Certificate Signing Request (csr).

  • The output from creating the CSR are the following files:
  • Cert.csr
  • Keyfile.pem
  • Nopwdkey.pem - this file was renamed to ssl_key.pem
  • Request a cert from trusted root CA using the files from the previous step. The output from the request was the following files.
  • Cert.pem – this file was renamed to ssl_cert.pem
  • Certnew.cer
1 Like
3

Thanks for reporting back the solution you found. This is very useful.

I made some adjustments to the formatting of your post for clarity.

4

I forgot to mention that Dave Langridge in L2 support was very helpful in getting this resolved. Many thanks to Dave.

2 Likes