Replacing expired LDAP and CIMOM certificates

Expired CIMOM or LDAP certificates must be replaced.

Context

CIMOM and LDAP certificates can expire. When this happens, they must be replaced. If you get the error "Invalid key in truststore", you must update your LDAP certificate.

Steps

  1. Obtain the current certificate. LDAP certificates are obtained from the LDAP administrator. CIMOM certificates are created by the mktruststore command. See step 4.
  2. On each engine, run stopConsole, then stopCimom.
  3. On the master engine, change to /usr/tank/admin.
  4. Run bin/mktruststore. As a parameter, use the path and file name of the LDAP certificate, if it exists.
  5. Use scp to copy the truststore to each engine in the cluster.
    Note: Do not run the mktruststore command on each engine. You must copy the truststore to each engine.
  6. On each engine, run /usr/tank/admin/bin/startCimom. Then run /usr/tank/admin/bin/startConsole.
  7. If needed, you can now extract the CIMOM certificate for your third-party CIM application.
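
The following script is an added example, not IBM code. It wraps steps 3 to 5 with two checks: the LDAP certificate is rejected if it is expired or about to expire, and each copied truststore is compared with the master's copy by digest. Assumptions: the certificate is PEM-encoded, openssl and sha256sum are installed, the master engine has ssh/scp access to the other engines, and TRUSTSTORE is set to the file that mktruststore writes (the page does not name it). The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not IBM code. TRUSTSTORE must be set by the operator to the
# file mktruststore writes; engine host names are supplied as arguments.
ADMIN_DIR=/usr/tank/admin    # path given on the page

# cert_usable FILE [DAYS]: 0 = valid for at least DAYS more days (default 30),
# 1 = expired or expiring within DAYS, 2 = unreadable or not an X.509 PEM file.
cert_usable() {
    cert=$1; days=${2:-30}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 ||
        { echo "$cert is not a PEM X.509 certificate" >&2; return 2; }
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "$cert: $(openssl x509 -in "$cert" -noout -enddate)" >&2; return 1; }
}

# digest_of FILE: print the SHA-256 digest of FILE.
digest_of() { sha256sum "$1" | cut -d' ' -f1; }

# rebuild_truststore LDAP_CERT ENGINE...: steps 3-5, run on the master engine
# after step 2 (console and CIMOM stopped on every engine).
# LDAP_CERT is an absolute path, or "" when there is no LDAP certificate.
rebuild_truststore() {
    [ -n "$TRUSTSTORE" ] || { echo "set TRUSTSTORE first" >&2; return 2; }
    ldap_cert=$1; shift
    if [ -n "$ldap_cert" ]; then
        cert_usable "$ldap_cert" || return 1    # refuse to import a stale cert
    fi
    # Build the truststore once, on the master only (see the Note in step 5).
    ( cd "$ADMIN_DIR" && bin/mktruststore ${ldap_cert:+"$ldap_cert"} ) || return 1
    want=$(digest_of "$TRUSTSTORE")
    [ -n "$want" ] || return 1
    for engine in "$@"; do
        scp -p "$TRUSTSTORE" "$engine:$TRUSTSTORE" || return 1
        got=$(ssh "$engine" sha256sum "$TRUSTSTORE" | cut -d' ' -f1)
        [ "$got" = "$want" ] ||
            { echo "truststore on $engine differs from master" >&2; return 1; }
    done
}
```

After the function returns 0, continue with step 6 on each engine.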

Parent topic: Troubleshooting an administrative server

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.