Skip to Content

Obtaining a signed server certificate

This topic describes how to obtain a signed server certificate to eliminate web browser warnings.

Warning

Note

It is assumed that the enterprise has an internal certificate signing authority, and the proper public certificates are pushed out to users' desktops.

When MainView Console Management is installed, a self-signed certificate is generated by the installer based on the Linux server's host name. If this is incorrect, a new certificate must be generated.

To generate a new certificate

  1. Log into the Linux server using PuTTY or other SSH shell.

  2. Issue the following command:

    /usr/iocinst/bin/mvcm_cert_gen <hostname>
    Warning

    Note

    The <hostname> is optional. If it is not supplied, the <hostname> is determined from the Linux operating system using the 'hostname -f' command.

    This generates a new self-signed certificate.

    Warning

    Note

    The certificate is stored in /usr/iocinst/config/security. It is also stored both as a java .JKS file (java keystore) for Tomcat, and MVCA and a .PEM file for use by CCS.

  3. Generate a certificate signing request with the command:

    /usr/iocinst/bin/mvcm_cert_gen_request

    This will generate the certificate signing request and store it in /usr/iocinst/config/security.

  4. Send this file to your certificate authority and ask that it be signed.

  5. After receiving the certificate, , copy the file to /usr/iocinst/config/security , and run the command:

    /usr/iocinst/bin/mvcm_cert_import <filename>
    Warning

    Note

    The <filename> is the name of the received signed certificate. Once this is done, reboot the Linux server to ensure that all MainView Console Management services are restarted with the newly signed certificate.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

MainView Console Management for zEnterprise, MainView Console Automation for zEnterprise, and MainView SecureHMC 3.4