Chapter 6. Using a firewall and securing EWLM 175
What is the name of your City or Locality?
[Unknown]: Poughkeepsie
What is the name of your State or Province?
[Unknown]: NY
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=ewlmdm1, OU=itso, O=IBM, L=Poughkeepsie, ST=NY, C=US> correct?
[no]: yes
Enter key password for <ewlmdm1>
(RETURN if same as keystore password): 111111
As a result of this command, the keystore ks has been successfully created. The next step is
to switch the EWLM from using the default key to the key provided in the certificate just
created.
Install the keystore in WebSphere
When you issue the changeCC command, you need to specify the level of security, in our case
adminDefined instead of the default ewlmDefined, and the keystore name, location, and
password. With this command, the keystore will be installed in the Control Center WebSphere
instance.
Example 6-10 ChangeCC command to enable security
[ibmewlm@ewlmdm1 bin]$ ./changeCC.sh -sslSecurity /opt/EWLMDM/ -adminUser ibmewlm -adminPW
111111 -level adminDefined -keystore /home/ibmewlm/ks -keystorePW 111111
Processing changeCC -sslSecurity request. Please be patient as this may take
a while...
...processing 33% complete:
...processing 66% complete
SSLSECURITY END
If the WebSphere instance was active at the time, the changeCC command restarts the
WebSphere instance after the keystore information has been updated. If the WebSphere
instance was not active when the changeCC command was issued, then the WebSphere
instance is updated such that the next time it is started, it will use the new keystore
information.
Trust the new certificate
This section is not needed if the certificate is from a certificate authority that the Web browser
already trusts (such as Verisign). The only time you need to trust the certificate is when it is
not currently in your Web browser’s truststore.
The first time you access the Control Center from a browser, you still receive the Security
Alert warning shown in Figure 6-14, but this time only the first item should have a warning
symbol because now the certificate should match the name of your Control Center site.