IBM License Metric Tool (ILMT)

 View Only
Expand all | Collapse all

Changing LMT Web Interface TLS cert by command line

  • 1.  Changing LMT Web Interface TLS cert by command line

    Posted Fri February 02, 2024 01:14 PM

    Is it possible to script the replacement of the ILMT web UI's cert ? I would like to switch from using self signed certs to using Let's Encrypt certs which expire every 3 months and can be auto installed by PS script



    ------------------------------
    Stephen Dunne
    ------------------------------


  • 2.  RE: Changing LMT Web Interface TLS cert by command line

    Posted Sun February 04, 2024 03:53 AM

    Hello Stephen,

    It is possible to script such procedure (with PS, batch script etc.) except one problem: you need a password for the key_server.p12 file (License Metric Tool keystore file).
    Password itself is constructed based on master.tag file content.
    Unfortunately this is a public forum so I'll not be able to pass you the exact procedure to derive the password.
    You'd have to open a support ticket to us...



    ------------------------------
    Thank you,
    Oktawian

    Oktawian Powązka, L3 Support
    IBM License Metric Tool
    ------------------------------

    Original Message


  • 3.  RE: Changing LMT Web Interface TLS cert by command line

    Posted Wed February 07, 2024 07:23 AM
    Edited by Stephen Dunne Wed February 07, 2024 07:24 AM

    Got the password derivation details from support and that was all I needed. Created a new pfx with the same password cntaining cert and key, and copied it in on top of the original key_server.p12, bounced the service and job's a good un !! Nice new shiny non self signed cert now in use !

    Thanks for your help in pointing me in the right direction. Much appreciated

    Stephen

    ==

    ------------------------------
    Stephen Dunne
    ------------------------------

    Original Message