Skip to Content

Creating a public key infrastructure (PKI) trust store

A trust store contains certificates used for operator and administrator authentication. When an MVCA viewer or CCS client connect and client certificates are required, the PKI trust store will be accessed to ensure the user's client certificate is requested and validated using the root certificates in the MainView Console Management certificate trust store.

To create a trust store

  1. Log into your Linux server using SSH shell or PuTTY.

  2. Issue the following command:

    /usr/iocinst/bin/mvcm_trust_create
  3. Obtain the certificate chain that you use to sign operator certificates from your certification authority
  4. Copy the certificates to: /usr/iocinst/hgc/security.

  5. Import the certificate chain using the following command:

    /usr/iocinst/bin/mvcm_trust_import <certificate file>
    Warning

    Note

    For <certificate file>, use the name of the PEM file you received from your certificate authority.

  6. Edit all CCS servers and MainView Console Automation servers then select 'Require Client Certificates' option.
  7. Restart all CCS servers and MVCA servers.
  8. Reboot the Linux server to ensure the services are restarted with the new settings.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

MainView Console Management for zEnterprise, MainView Console Automation for zEnterprise, and MainView SecureHMC 3.4