The SvrSslCfg utility is used to configure and remove the configuration information associated with WebSphere® Application Server and the Tivoli® Access Manager server.
Run the svrsslcfg script first on the deployment manager and then on the other nodes in the cell.
java com.tivoli.pd.jcfg.SvrSslCfg -action {config | unconfig}
    -admin_id admin_user_ID -admin_pwd admin_password
    -appsvr_id application_server_name -appsvr_pwd application_server_password
    -mode {local|remote} -host host_name_of_application_server
    -policysvr policy_server_name:port:rank [,...]
    -authzsvr authorization_server_name:port:rank [,...]
    -cfg_file fully_qualified_name_of_configuration_file
    -domain Tivoli_Access_Manager_domain
    -key_file fully_qualified_name_of_keystore_file
    -cfg_action {create|replace}
If this action is specified, the following options are required: -admin_id, -admin_pwd, -appsvr_id, -port, -mode, -policysvr, -authzsvr, and -key_file.
The reconfiguration operation fails only if the caller is unauthorized or the policy server cannot be contacted.
This action can succeed when a configuration file does not exist. When the configuration file does not exist, it is created and used as a temporary file to hold configuration information during the operation, and then the file is deleted completely.
If this action is specified, the following options are required: -admin_id, -admin_pwd, -appsvr_id, and -policysvr.
A valid administrative ID is an alphanumeric, case-sensitive string. String values are expected to be characters that are part of the local code set. You cannot use a space in the administrative ID.
For example, for U.S. English the valid characters are the letters a-Z, the numbers 0-9, a period (.), an underscore (_), a plus sign (+), a hyphen (-), an at sign (@), an ampersand (&), and an asterisk (*). The minimum and maximum lengths of the administrative ID, if there are limits, are imposed by the underlying registry.
Specifies the password of the Tivoli Access Manager administrator user that is associated with the -admin_id parameter. The password restrictions depend upon the password policy for your Tivoli Access Manager configuration.
If this option is not specified, the server password will be read from standard input.
A file name should be an absolute file name (fully qualified file name) to be valid.
If not specified, the local domain that was specified during Tivoli Access Manager runtime configuration will be used. The local domain value will be retrieved from the configuration file.
A valid domain name is an alphanumeric, case-sensitive string. String values are expected to be characters that are part of the local code set. You cannot use a space in the domain name.
For example, for U.S. English the valid characters for domain names are the letters a-Z, the numbers 0-9, a period (.), an underscore (_), a plus sign (+), a hyphen (-), an at sign (@), an ampersand (&), and an asterisk (*). The minimum and maximum lengths of the domain name, if there are limits, are imposed by the underlying registry.
The default is the local host name returned by the operating system. Valid values for host_name include any valid IP host name.
host = libra
host = libra.dallas.ibm.com
Make sure that the server user (for example, ivmgr) or all users have permission to access the .kdb file and the folder that contains the .kdb file.
This option is required.
After the successful configuration of a Tivoli Access Manager Java™ application server, SvrSslCfg creates a user account and server entries representing the Java application server in the Tivoli Access Manager user registry. In addition, SvrSslCfg creates a configuration file and a Java key store file, which securely stores a client certificate, locally on the application server. This client certificate permits callers to make authenticated use of Tivoli Access Manager services. Conversely, reconfiguration removes the user and server entries from the user registry and cleans up the local configuration and keystore files.
The contents of an existing configuration file can be modified by using the SvrSslCfg utility. The configuration file and the key store file must already exist when calling SvrSslCfg with all options other than -action config or -action unconfig.
The following options are parsed and processed into the configuration file, but are otherwise ignored in this version of Tivoli Access Manager:
server_name/host_name
Note that the pdadmin server list command displays the server name in a slightly different format: server_name-host_name
# Quote every expansion so values containing spaces or shell metacharacters
# reach SvrSslCfg as single arguments.
CLASSPATH="${WAS_HOME}/java/jre/lib/ext/PD.jar:${WAS_CLASSPATH}"
java \
-cp "${CLASSPATH}" \
-Dpd.cfg.home="${WAS_HOME}/java/jre" \
-Dfile.encoding=ISO8859-1 \
-Dws.output.encoding=CP1047 \
-Xnoargsconversion \
com.tivoli.pd.jcfg.SvrSslCfg \
-action config \
-admin_id sec_master \
-admin_pwd "$TAM_PASSWORD" \
-appsvr_id "$APPSVR_ID" \
-policysvr "${TAM_HOST}:7135:1" \
-port 7135 \
-authzsvr "${TAM_HOST}:7136:1" \
-mode remote \
-cfg_file "${CFG_FILE}" \
-key_file "${KEY_FILE}" \
-cfg_action create
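
The value rules stated above (administrative ID and domain name characters, fully qualified file names, and the name:port:rank server lists) can be checked before SvrSslCfg is invoked. The shell functions below are an added example, not part of the product documentation or of Tivoli Access Manager; the function names are hypothetical, and the UNIX-style paths, the 1-65535 port range and the integer rank are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for SvrSslCfg option values.
# Function names are hypothetical, not part of Tivoli Access Manager.

# -admin_id / -domain: non-empty, no spaces, only the characters the page
# lists for U.S. English (assumption: other code sets need a different set).
valid_tam_name() (
    LC_ALL=C
    case $1 in
        ''|*[!A-Za-z0-9._+@\&*-]*) exit 1 ;;
    esac
)

# -cfg_file / -key_file: must be fully qualified (UNIX-style path assumed).
valid_abs_path() {
    case $1 in
        /?*) return 0 ;;
        *)   return 1 ;;
    esac
}

# -policysvr / -authzsvr: comma-separated name:port:rank entries.
# Assumption: port is 1-65535 and rank is a non-negative decimal integer.
valid_server_list() (
    LC_ALL=C
    case $1 in
        ''|*,|*' '*) exit 1 ;;      # empty, trailing comma, or embedded space
    esac
    set -f                          # no globbing while splitting on commas
    IFS=,
    for entry in $1; do
        case $entry in
            *:*:*:*|:*) exit 1 ;;   # too many fields or empty name
            *:*:*)      ;;
            *)          exit 1 ;;   # fewer than three fields
        esac
        rest=${entry#*:}
        port=${rest%%:*}
        rank=${rest#*:}
        case $port in ''|*[!0-9]*|??????*) exit 1 ;; esac
        case $rank in ''|*[!0-9]*) exit 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || exit 1
    done
)
```

Length limits for IDs and domain names are not checked here, because the page leaves them to the underlying registry.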