The svrsslcfg utility is used to configure and remove the configuration information associated with WebSphere Application Server and the Tivoli Access Manager server.
The svrsslcfg script creates a user account and server entries that represent your WebSphere Application Server profile in the Tivoli Access Manager user registry. In addition, a configuration file and a Java keystore file, which securely stores a client certificate, are created in the application server profile. This client certificate permits callers to use Tivoli Access Manager authentication services. You can also choose to remove the user and server entries from the user registry and clean up the local configuration and keystore files.
The svrsslcfg script wraps the SvrSslCfg class and provides support for multiple WebSphere Application Server profiles. The use of multiple profiles allows you to create multiple WebSphere Application Server environments that are completely isolated from one another.
Run the svrsslcfg script first on the deployment manager and then on the other nodes in the cell.
svrsslcfg -profileName myprofile -action config -admin_id sec_master -admin_pwd pwd123
    -appsvr_id ibm9 -appsvr_pwd ibm9pwd -mode remote -port 8888
    -policysvr ourserv.rochester.ibm.com:7135:1 -authzsvr ourserv.rochester.ibm.com:7136:1
    -key_file profile_root/myprofile/etc/ibm9.kdb -cfg_action create
The previous example displays on multiple lines for illustrative purposes only.
The configuration syntax is:
svrsslcfg -action config [ -profileName profile_name ] -admin_id admin_user_id -admin_pwd admin_password -appsvr_id application_server_name -port port_number -mode { local | remote } -policysvr policy_server_name -authzsvr authorization_server_name -key_file fully_qualified_name_of_key_file -appsvr_pwd application_server_password -cfg_action { create | replace } [ -domain Tivoli_Access_Manager_domain ]
The unconfigure syntax is:
svrsslcfg -action unconfig [ -profileName profile_name ] -admin_id admin_user_id -admin_pwd admin_password -appsvr_id application_server_name -policysvr policy_server_name [ -domain Tivoli_Access_Manager_domain ]
You can enter the previous syntax as one continuous line.
If this action is specified, the following options are required: -admin_id, -admin_pwd, -appsvr_id, -port, -mode, -policysvr, -authzsvr, and -key_file.
The reconfiguration operation fails only if the caller is unauthorized or the policy server cannot be contacted.
This action can succeed when a configuration file does not exist. When the configuration file does not exist, it is created and used as a temporary file to hold configuration information during the operation, and then the file is deleted completely.
If this action is specified, the following options are required: -admin_id, -admin_pwd, -appsvr_id, and -policysvr.
A valid administrative ID is an alphanumeric, case-sensitive string. String values are expected to be characters that are part of the local code set. You cannot use a space in the administrative ID.
For example, for U.S. English the valid characters are the letters a-Z, the numbers 0-9, a period (.), an underscore (_), a plus sign (+), a hyphen (-), an at sign (@), an ampersand (&), and an asterisk (*). The minimum and maximum lengths of the administrative ID, if there are limits, are imposed by the underlying registry.
Password of the Tivoli Access Manager administrator user that is associated with the -admin_id parameter. The password restrictions depend upon the password policy for your Tivoli Access Manager configuration.
If this option is not specified, the server password will be read from standard input.
If not specified, the local domain that was specified during Tivoli Access Manager runtime configuration will be used. The local domain value will be retrieved from the configuration file.
A valid domain name is an alphanumeric, case-sensitive string. String values are expected to be characters that are part of the local code set. You cannot use a space in the domain name.
For example, for U.S. English the valid characters for domain names are the letters a-Z, the numbers 0-9, a period (.), an underscore (_), a plus sign (+), a hyphen (-), an at sign (@), an ampersand (&), and an asterisk (*). The minimum and maximum lengths of the domain name, if there are limits, are imposed by the underlying registry.
Verify that the server user (for example, ivmgr) or all users have permission to access the .kdb file and the folder that contains the .kdb file.
This option is required.
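An added example, not part of the original documentation and not IBM code: a pre-flight check that an automation job could run on an argument list before handing it to svrsslcfg. It uses the required-option lists, the { local | remote } and { create | replace } choices, and the U.S. English character set described above. The function names, the port range check, and the mapping of the two required-option lists to -action config and -action unconfig are assumptions.

```python
import re

# Required options per action, as listed on the page. Assumption: the first
# list belongs to -action config and the second to -action unconfig.
REQUIRED = {
    "config": ["-admin_id", "-admin_pwd", "-appsvr_id", "-port", "-mode",
               "-policysvr", "-authzsvr", "-key_file"],
    "unconfig": ["-admin_id", "-admin_pwd", "-appsvr_id", "-policysvr"],
}
# Character set from the page's U.S. English example; no spaces allowed.
NAME_RE = re.compile(r"[A-Za-z0-9._+\-@&*]+")
CHOICES = {"-mode": ("local", "remote"), "-cfg_action": ("create", "replace")}


def parse(argv):
    """Pair up ['-opt', 'value', ...]; every option takes exactly one value."""
    if len(argv) % 2:
        raise ValueError("an option is missing its value")
    opts = {}
    for i in range(0, len(argv), 2):
        if not argv[i].startswith("-") or argv[i] in opts:
            raise ValueError(f"argument {i + 1} is not a new option name")
        opts[argv[i]] = argv[i + 1]
    return opts


def preflight(argv):
    """Return a list of problems; an empty list means the call is well-formed.

    Messages never echo option values, so passwords stay out of logs."""
    try:
        opts = parse(argv)
    except ValueError as err:
        return [str(err)]
    action = opts.get("-action")
    if action not in REQUIRED:
        return ["-action must be config or unconfig"]
    problems = [f"missing {o}" for o in REQUIRED[action] if o not in opts]
    for o in ("-admin_id", "-domain"):
        if o in opts and not NAME_RE.fullmatch(opts[o]):
            problems.append(f"{o} has characters outside the documented set")
    for o, allowed in CHOICES.items():
        if o in opts and opts[o] not in allowed:
            problems.append(f"{o} must be one of: {', '.join(allowed)}")
    port = opts.get("-port", "")
    if "-port" in opts and not (re.fullmatch(r"[0-9]{1,5}", port)
                                and 0 < int(port) < 65536):
        problems.append("-port is not a valid port number")
    return problems
```

Pass the arguments as a list (everything after the svrsslcfg command name) and run the utility only when preflight returns an empty list.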