Generate keys and certificates for the secure web server mode

It is not possible for the Installation Manager web server installation kit to contain a signed certificate for the IP address of our computer. Therefore, when we log in to the secure Installation Manager web server, we see an untrusted connection warning. To suppress this warning, we can use our own keystore with a signed certificate.

Procedure

  1. To create a keystore file with a certificate:

      keytool -keystore keystore filename -alias jetty -genkey -keyalg RSA

    For detailed steps, see Generating Key Pairs and Certificates.

    To avoid seeing the untrusted connection warning in the browser, we can obtain a trusted certificate for our keystore file. For detailed steps, see Requesting a_Trusted Certificate.

    Ensure that you remember the password that we used to create the keystore file.

  2. Save the keystore file on the machine that runs the secure Installation Manager web server. For example, save the file here: c:\data\mykeystore.

  3. In a text editor, open the ibmim-web.ini file, and then set org.eclipse.equinox.http.jetty.ssl.keystore to point to our keystore file location. Depending on the operating system, the ibmim-web.ini file is in one of the following directories:

      install_dir/InstallationManager/eclipse/web

  4. Ensure that the value in the org.eclipse.equinox.http.jetty.ssl.keypassword property is set to the password that we used to generate the keystore file.


Results

When we run the ibmim-web executable with the -secure parameter, our browser does not warn us about an untrusted connection.

Related concepts:

  • Work from a web browser
  • Multiple browser sessions

    Related tasks:

  • Securely start and stop the Installation Manager web server

    Related reference:

  • Advanced configurations
    Home