Author Topic: Need help for SSL setup and Configuration on CMOD 9.5 Linux server  (Read 2546 times)

Jaydeep Mehta

  • Guest
Hello Everyone,

We are planing to do SSL configuration setup on CMOD linux 9.5 server .
i have follow the instruction using below link and created ondemand.kdb  and ondemand.sth  files on our CMOD server .

http://www.ibm.com/support/knowledgecenter/en/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodlx120.htm

Then after also created the self-signed certificate file ondemand.arm  and configure the ars.ini file with below infomation.

PORT=0
SSL_KEYRING_FILE=/usr/lpp/ars/config/ondemand.kdb
SSL_KEYRING_STASH=/usr/lpp/ars/config/ondemand.sth
SSL_KEYRING_LABEL=IBM Content Manager OnDemand
SSL_CLNT_USE_SSL=1


Now i want to configure this certificate and Tes  from my Think client and from ICN 3.0  server .

Can you please suggest or provide information , how we can achieve this .


Thanks
Jd Mehta

Lars Bencze

  • Full Member
  • ***
  • Posts: 116
  • CMOD Expert at Skandia
    • View Profile
    • INACTIVE - Bezland Consulting
Re: Need help for SSL setup and Configuration on CMOD 9.5 Linux server
« Reply #1 on: February 08, 2017, 07:22:21 AM »
Hi Jaydeep,

Not long ago, I read through the entire documentation on how to activate SSL. It was for a Windows-based OnDemand, but I expect the principal differences to be minimal or none.

The step you describe above seems to cover what I documented as "Step 1" in my 3-step plan.

So although I haven't executed the plan yet (still waiting for a "Go"), I'd say what you need to do is this:

Step 2: Verify the GSKit level on the "client machines", IE where you have ODWEK for ICN, as well as from your thick client (I assume that is what you meant by "think client" :) ) machine.

Step 3: Activate Secure Sockets layer on the client (software) you will use. For the OD32 thick client, this would be "Check the checkbox" in the "Update a server" window at login.
Here's info on how you add your certificate to your client:
http://www.ibm.com/support/knowledgecenter/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodnl027.htm

Good luck!
OnDemand for MP expert. #Multiplatforms #Admin #Scripts #Performance #Support #Architecture #PDFIndexing #TSM/SP #DB2 #CustomSolutions #Integration #UserExits #Migrations #Workflow #ECM #Cloud #ODApi

Jaydeep Mehta

  • Guest
Re: Need help for SSL setup and Configuration on CMOD 9.5 Linux server
« Reply #2 on: February 21, 2017, 06:58:36 AM »
Hi Bencze.

Thanks for your suggestion ..!

Now we able to make SSL connection between our CMOD thick client and server using self signed certificate .

Need some more information .

But we not succeed  with CA certificate , is this any different process and CA certificate also need to install on client machine ..??

and How we can configure and  setup SSL connection on ICN server .

Thanks in advance ..


Lars Bencze

  • Full Member
  • ***
  • Posts: 116
  • CMOD Expert at Skandia
    • View Profile
    • INACTIVE - Bezland Consulting
Re: Need help for SSL setup and Configuration on CMOD 9.5 Linux server
« Reply #3 on: March 03, 2017, 02:36:50 AM »
Hi and sorry for the delay in replying.

Well, yes, you "kind of" need to install the certificate on the ICN machine, which is the CMOD client in this case:

Quote
Both ondemand.kdb and ondemand.sth files need to be placed on the workstation where the Content Manager OnDemand clients are installed. Download both files to the config subdirectory under the client installation directory.

There seems to be some information missing on the Linux page, but I suggest you look at the full procedure starting with "To create a CA-signed digital certificate, do the following steps:". For example, the description for Windows-based OnDemand seems to keep all information in one page:
https://www.ibm.com/support/knowledgecenter/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodww067.htm
but I suppose the description for AIX or Solaris are more similar to Linux, technically.
I suggest you read through the entire procedure in the Windows page above, then you check out that you have correctly executed all the steps in creating and verifying your CA certificate:
https://www.ibm.com/support/knowledgecenter/en/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodlx152.htm
and when that is done, complete the CA cert installation for Linux:
https://www.ibm.com/support/knowledgecenter/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodlx120.htm
and make sure the key files are installed on the ICN machine.

As usual :), more info can usually be found when checking the same documentation page for another OS/platform.
I hope this helps you - please let us all know how you managed once you get it to work!
OnDemand for MP expert. #Multiplatforms #Admin #Scripts #Performance #Support #Architecture #PDFIndexing #TSM/SP #DB2 #CustomSolutions #Integration #UserExits #Migrations #Workflow #ECM #Cloud #ODApi