Db2

I have a DMC 3.1.10 install running under Linux with local defined users. The https port uses the default self signed certificate from the install and the browser complains about the self-signed certificate every now and then.

So I wanted to replace the self-signed certificate by a certificate signed by our local CA. First I gave the wlp server his proper hostname accoring to this docs https://www.ibm.com/docs/en/was-liberty/base?topic=liberty-setting-default-host-name-server (setting the defaultHostname variable in server.xml) and then followed the description at https://www.ibm.com/docs/en/db2-data-mgr-console/3.1.x?topic=securing-enabling-https-db2-data-management-console.

I created the CSR via Java keytool, sent it to our CA and got my CSR signed back. After I entered the keystore details (wlp.keystore.type, wlp.keystore.location, wlp.keystore.password with freshly encrypted password) in <dmchome>/wlp/usr/servers/dsweb/bootstrap.properties I restarted the server and -- voila -- got a nice https connection with my certificate in my browser. Looks good!

But then I was not able to sign-on anymore. My local super admin and password didn't work.

So I stopped the server, reverted the three settings in bootstrap.properties (BTW, why on earth does this file get rewritten and stripped of comments?!?!) to the old settings and then I was able to sign-on again.

@Cintia Ogura what else needs to be modified? Is the local user registry of DMC stored in the default key.p12 file? Do I have to copy over the login user to my new keyring? But with what (default?) password can I access this keystore to read the entries? Or do I have to reset the authentication config according to https://www.ibm.com/docs/en/db2-data-mgr-console/3.1.x?topic=configuration-resetting-authentication ?

The currently described procedure in the docs is not complete. The description from your huge slide deck does not detail enough in this case.

Has anyone else gone through this?

Kind regards

Hi Roland,

This issue may happen for some certificates and disable HTTP port by set the port number to -1 in configuration file at same time. Please try the latest version (version 3.1.12) of DMC which should have mitigated this issue.

Best regards,

Yan Hao Zhang

I have a DMC 3.1.10 install running under Linux with local defined users. The https port uses the default self signed certificate from the install and the browser complains about the self-signed certificate every now and then.

So I wanted to replace the self-signed certificate by a certificate signed by our local CA. First I gave the wlp server his proper hostname accoring to this docs https://www.ibm.com/docs/en/was-liberty/base?topic=liberty-setting-default-host-name-server (setting the defaultHostname variable in server.xml) and then followed the description at https://www.ibm.com/docs/en/db2-data-mgr-console/3.1.x?topic=securing-enabling-https-db2-data-management-console.

I created the CSR via Java keytool, sent it to our CA and got my CSR signed back. After I entered the keystore details (wlp.keystore.type, wlp.keystore.location, wlp.keystore.password with freshly encrypted password) in <dmchome>/wlp/usr/servers/dsweb/bootstrap.properties I restarted the server and -- voila -- got a nice https connection with my certificate in my browser. Looks good!

But then I was not able to sign-on anymore. My local super admin and password didn't work.

So I stopped the server, reverted the three settings in bootstrap.properties (BTW, why on earth does this file get rewritten and stripped of comments?!?!) to the old settings and then I was able to sign-on again.

@Cintia Ogura what else needs to be modified? Is the local user registry of DMC stored in the default key.p12 file? Do I have to copy over the login user to my new keyring? But with what (default?) password can I access this keystore to read the entries? Or do I have to reset the authentication config according to https://www.ibm.com/docs/en/db2-data-mgr-console/3.1.x?topic=configuration-resetting-authentication ?

The currently described procedure in the docs is not complete. The description from your huge slide deck does not detail enough in this case.

Has anyone else gone through this?

Kind regards