Wednesday, July 1, 2015

GSK

PLEASE DO THIS TASK ONE SERVER AT A TIME: START WITH POK AND THEN DO BLDR.

Log in to the UserServices servers and follow the steps below.
1. Get the current keystore used by IHS.

          {Server}:/usr/WebSphere/HTTPServer/conf# grep -i Keyfile httpd.conf | grep -v ^#
           Keyfile /web/security/webidentity.kdb

2. Generate a new certificate using the current keystore file from step 1.
               gsk7cmd -cert -create -db webidentity.kdb -pw PASSW0RD -label "{Server}" -dn "CN={Server},OU=Web Identity,O=IBM,C=US" -size 2048 -x509version 3 -expire 7300
             
               gsk7cmd -cert -list -db webidentity.kdb -pw PASSW0RD

               gsk7cmd -cert -details -db webidentity.kdb -pw PASSWORD -label "{Server}"

3. Send the new User Service CSR to IBMCAPKI (https://daymvs1.pok.ibm.com/ibmca)
              gsk7cmd -certreq -recreate -db webidentity.kdb -pw PASSW0RD -label "{Server}" -target {Server}.crs

              NOTE: Before anything else, you must create a new profile on IBMCAPKI so you can send the CSR file.

4. Import the certificate generated by xxxx
              gsk7cmd -cert -receive -file cert.crt -db webidentity.kdb -pw PASSW0RD
             
              gsk7cmd -cert -list personal -db webidentity.kdb -pw PASSW0RD

5. Install root and intermediate CA
              gsk7cmd -cert -add -db webidentity.kdb -pw PASSWORD -file root_CA.arm -label "IBM Internal Root CA"

              gsk7cmd -cert -add -db webidentity.kdb -pw PASSWORD -file internal_CA.arm -label "IBM INTERNAL INTERMEDIATE CA"

6. Change the default certificate within the keystore
              gsk7cmd -cert -getdefault -db webidentity.kdb -pw PASSW0RD
             
              gsk7cmd -cert -setdefault -db webidentity.kdb -pw PASSW0RD -label "{Server}"
             
              gsk7cmd -cert -getdefault -db webidentity.kdb -pw PASSW0RD

7. Recycle IHS after the above steps so the new certificate takes effect.

8. Confirm there are no errors in the IHS logs.
9. If there are no errors, ask the testers to test the UserServices functions.
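
A pre-change helper for steps 1 and 2, as an added example that is not part of the original post: it finds the active KeyFile more strictly than the grep in step 1 and backs up the keystore with its companion files before gsk7cmd modifies it. The function names, the backup location and the sample paths other than /web/security/webidentity.kdb are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print every active KeyFile path in an httpd.conf. Unlike `grep -v ^#`, this
# also skips indented comments; the directive name is matched case-insensitively.
active_keyfiles() {
    awk '
        /^[ \t]*#/ { next }                  # comment, possibly indented
        tolower($1) == "keyfile" {
            path = $2
            gsub(/^"|"$/, "", path)          # strip optional quotes
            print path
        }' "$1" | sort -u
}

# Copy the keystore and its companion files (.sth stash, .rdb request
# database, .crl) into a new owner-only directory and print that directory.
backup_keystore() {
    kdb=$1
    dest_root=$2                             # hypothetical backup location
    [ -f "$kdb" ] || { echo "keystore not found: $kdb" >&2; return 1; }
    base=${kdb%.kdb}
    backup_dir="$dest_root/$(basename "$base").$(date +%Y%m%d%H%M%S)"
    ( umask 077; mkdir -p "$backup_dir" ) || return 1
    for ext in kdb sth rdb crl; do
        if [ -f "$base.$ext" ]; then
            cp -p "$base.$ext" "$backup_dir/" || return 1
        fi
    done
    chmod 600 "$backup_dir"/*
    echo "$backup_dir"
}

# Constructed demo input: two commented-out directives and the live one.
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<'EOF'
# KeyFile /web/security/old.kdb
    #Keyfile /web/security/test.kdb
Keyfile /web/security/webidentity.kdb
EOF
active_keyfiles "$demo/httpd.conf"
rm -rf "$demo"
```

Run backup_keystore on the path printed by active_keyfiles before step 2, so the keystore can be restored if a later step fails.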
