![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
![[z/OS]](../images/ngzos.gif)
Adding the signer certificate from the secondary deployment manager to the local trust store
To enable Secure Sockets Layer (SSL) in your high availability deployment manager environment, the local trust store must contain the signer certificate from the secondary deployment manager. If the trust store does not contain the signer certificate, add the certificate to the trust store to prevent errors and enable secure communication among the core group members.
About this task
To elect the secondary deployment manager to take over as the primary deployment manager when SSL
is enabled in your environment, the signer certificate of the secondary deployment manager must
exist in the local trust store. Specifically, the com.ibm.ssl.trustStore value must be set to the
cell-level default trust store in the
deployment_manager_profile/properties/ssl.client.props file.
If the certificate cannot be located in the local trust store, the SSL handshake fails and you might
receive the following error message:
CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN
"CN=xdblade36b07.rtp.raleigh.ibm.com, O=IBM, C=US"
was sent from target host:port "*:9043".
The extended error message from the SSL handshake exception is:
"No trusted certificate found".
Add the signer certificate from the secondary deployment manager to the local trust store to enable
secure communication in your high availability deployment manager environment.
Procedure
Results
The configuration can connect to and accurately check the status of the secondary deployment manager.
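A diagnostic check for the condition described under About this task, as an added example that is not part of the original documentation: it reads the com.ibm.ssl.trustStore value from ssl.client.props text, extracts the signer SubjectDN from CWPKI0022E messages, and reports signers that do not appear as an Owner in a `keytool -list -v` listing of that trust store. The function names, the trust store path, the primary host name and the keytool listing are constructed for illustration; the log text is the message shown above.

```python
import re

# CWPKI0022E as shown on this page; re.S lets it match when wrapped over lines.
CWPKI0022E = re.compile(
    r'CWPKI0022E:.*?SubjectDN\s+"(?P<dn>[^"]+)".*?host:port\s+"(?P<target>[^"]+)"',
    re.S)

def trust_store_path(props_text):
    """Return com.ibm.ssl.trustStore from ssl.client.props text, or None."""
    for line in props_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # comment or not a key=value line
        key, value = line.split("=", 1)  # first '=' only: values may hold '=' or ':'
        if key.strip() == "com.ibm.ssl.trustStore":
            return value.strip()
    return None

def norm_dn(dn):
    """Case- and whitespace-insensitive DN form (simplification: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def missing_signers(log_text, keytool_listing):
    """Signers named in CWPKI0022E whose DN is not an Owner in the listing."""
    trusted = {norm_dn(o) for o in re.findall(r"^Owner:\s*(.+)$", keytool_listing, re.M)}
    return [(m["dn"], m["target"]) for m in CWPKI0022E.finditer(log_text)
            if norm_dn(m["dn"]) not in trusted]

# Constructed sample inputs (path and primary host name are hypothetical).
PROPS = """# ssl.client.props (excerpt, constructed)
com.ibm.ssl.trustStoreType=PKCS12
com.ibm.ssl.trustStore=/opt/was/profiles/dmgr01/config/cells/cell01/trust.p12
"""
LOG = '''CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN
"CN=xdblade36b07.rtp.raleigh.ibm.com, O=IBM, C=US"
was sent from target host:port "*:9043".'''
LISTING = """Alias name: default
Owner: CN=dmgr-primary.example.com, O=IBM, C=US
Issuer: CN=dmgr-primary.example.com, O=IBM, C=US
"""

if __name__ == "__main__":
    print("trust store in use:", trust_store_path(PROPS))
    for dn, target in missing_signers(LOG, LISTING):
        print(f"signer not in trust store: {dn} (seen from {target})")
```

A DN match only shows that a certificate with that subject is present in the store; compare the certificate fingerprint with the one on the secondary deployment manager before adding or relying on it.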