Upload an SSL Certificate

To establish secure connections in IBM Spectrum Protect Plus, upload an SSL certificate, for example an HTTPS or LDAP certificate, through the web-based management console of the virtual machine where IBM Spectrum Protect Plus is deployed. For HTTPS certificates, PEM-encoded certificates with .cer or .crt extensions are supported. For LDAP/Hyper-V certificates, DER-encoded certificates with .cer or .crt extensions are supported. If uploading an LDAP SSL certificate, ensure that an LDAP server is running and reachable by IBM Spectrum Protect Plus.

ASCII and binary format certificates are accepted with the standard .pem, .cer and .crt file extensions. The Administrative Console certificate import function cannot be used to update the appliance's SSL web server communications. However, SSL can be updated using the procedure below. This requires that you package the private key, public key, and chain certificates into a PKCS12 format file (often referred to as a PFX file, with a .p12 extension) and import it manually into the IBM Spectrum Protect Plus Java keystore. The procedure assumes that you already have the private, public, and all supporting security objects provided by your security vendor packaged into a PKCS12 format file named "<name>.p12". If you do not have this file already, you must work with your security vendor, using a separate server and/or OpenSSL, to generate the necessary certificate signing request. Once the signed certificate is received, package the resulting private, public, and chain certificate objects into the required file referenced below.

To import the PKCS12 file called NAME.p12, perform the following procedure:

  1. Log in as serveradmin on the IBM Spectrum Protect Plus appliance.
  2. At the command line, execute the following command:
     /usr/java/latest/bin/keytool -importkeystore -deststorepass ecx-beta -destkeystore /opt/virgo/configuration/keystore -srckeystore NAME.p12 -srcstoretype PKCS12
  3. Reboot the appliance.

To upload a certificate:

  1. Contact your network administrator for the name of the certificate to export.
  2. From a supported browser, export the certificate to your computer. Make note of the location of the certificate on your computer. The process of exporting certificates varies based on your browser. See Related Topics.
  3. From a supported browser, enter the following URL:
     https://<HOSTNAME>:8090/
     where <HOSTNAME> is the IP address of the virtual machine where the application is deployed.
  4. In the login window, select an Authentication Type. To log in as an IBM Spectrum Protect Plus user with SYSADMIN privileges, select IBM Spectrum Protect Plus from the Authentication Type drop-down menu, then enter your administrator username and password. To log in as a System user, select System from the Authentication Type drop-down menu, then enter the System password to access the Administrative Console. The default System password is sppadLG235. You will be prompted to change this password during the first login.
  5. Click Manage your certificates. Click Browse, browse for the certificate file on your computer, then click Upload SSL Certificate.
  6. Reboot the virtual machine where the application is deployed.
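
Before clicking Upload SSL Certificate, the encoding rule stated at the top of this page (PEM for HTTPS, DER for LDAP/Hyper-V) can be checked offline. The following is an added example, not IBM code: the function names and the constructed sample bytes are assumptions, and it validates only the outer ASN.1 SEQUENCE framing, not the certificate's contents.

```python
import base64
import re

# Rules from this page: HTTPS needs PEM, LDAP/Hyper-V need DER; listed extensions only.
REQUIRED_ENCODING = {"https": "PEM", "ldap": "DER", "hyper-v": "DER"}
ALLOWED_EXT = (".pem", ".cer", ".crt")
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_sequence_ok(blob: bytes) -> bool:
    """True if blob is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    n = blob[1] & 0x7F if blob[1] & 0x80 else 0   # long form: n length bytes follow
    if blob[1] & 0x80 and not 1 <= n <= 4:
        return False
    length = int.from_bytes(blob[2:2 + n], "big") if n else blob[1]
    return 2 + n + length == len(blob)            # rejects truncated or padded files

def detect_encoding(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' for the raw bytes of a certificate file."""
    match = PEM_BLOCK.search(data)
    if match:
        try:
            body = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except ValueError:                        # bad base64 inside the PEM armor
            return "unknown"
        return "PEM" if der_sequence_ok(body) else "unknown"
    return "DER" if der_sequence_ok(data) else "unknown"

def check_upload(cert_type: str, filename: str, data: bytes) -> list:
    """Return a list of problems; an empty list means the file matches the rules."""
    problems = []
    if not filename.lower().endswith(ALLOWED_EXT):
        problems.append("extension must be .pem, .cer or .crt")
    found, wanted = detect_encoding(data), REQUIRED_ENCODING[cert_type.lower()]
    if found != wanted:
        problems.append(f"{cert_type} needs {wanted}, file is {found}")
    return problems

# Constructed sample: SEQUENCE header plus 300 filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + b"\x00" * 300
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

For a real file, pass `open(path, "rb").read()` as `data`; a non-empty result names the mismatch to fix before uploading.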

 


IBM Spectrum Protect Plus 10.1.2

Licensed Material - Property of IBM Corp. © IBM Corporation and other(s) 2018. IBM is a registered trademark of the IBM Corporation in the United States, other countries, or both. | 8/23/2018