Adding a trust relationship between a management server and a proxy

Add a trust relationship between a management server and a proxy to establish a Secure Sockets Layer (SSL) connection. Management servers and proxies can communicate securely only if you establish an SSL connection between these components.

This task must be performed only if the management server and proxy are on different computers and if the global preferences in the manager are set to require an SSL connection between the management server and proxy.

This task is performed by the administrators of the computers on which the management server and proxy are deployed.

Before you add a trust relationship between a management server and a proxy:
  • Verify that you can access the keystore of the application server on which the management server is installed.
  • Verify that you have command line access to the computer on which you have installed the proxy.

To add a trust relationship between a management server and a proxy:
  1. Generate a certificate file for the application server on which the management server is installed. Ensure that the host name used in the certificate file is the exact host name that the proxy is to use to access the management server. You can use a public Certification Authority (CA) to generate a trusted certificate for the application server, or you can use the application server to set up a Certification Authority, self-generate a certificate, and save the certificate text to a text file. For information on how to use the application server to self-generate a certificate, see the security documentation for your application server.
  2. If the management server and the proxy are on different computers, ensure that the proxy computer can access the certificate file from the management server computer. If necessary, copy the certificate file to the proxy computer.
  3. Use the Java keytool key and certificate management utility with the -importcert option to import the certificate from the certificate file into the keystore of the proxy. The keystore location for each proxy is at proxy_folder\jdk\jre\lib\security, where proxy_folder is the folder in which the proxy is installed. For information on the keytool utility, see the Java documentation for the keytool utility.
  4. Use the Java keytool key and certificate management utility with the -genkeypair option to generate a certificate file for the proxy. Ensure that the host name used in the certificate file is the exact host name that the management server is to use to access the proxy.
  5. If the proxy and the application server are on different computers, ensure that the management server computer can access the certificate file from the proxy computer. If necessary, copy the certificate file to the management server computer.
  6. Import the certificate from the certificate file into the keystore of the application server on which the management server is installed. For information on how to import a certificate into the application server, see the security documentation for your application server.

When you are done, you must configure both the management server and the proxy to use the https protocol to connect with other components.
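
The following PowerShell sketch walks through the proxy-side keytool work in steps 3 and 4, with a fingerprint and host name check before the import. It is an added example, not part of the product documentation, and it uses `-exportcert` to write the generated proxy certificate to a file for step 5. Assumptions: the install folder, the location of `keytool.exe`, the keystore file name `cacerts`, the aliases, host name and certificate file names are all illustrative, and the key pair is generated in the same keystore that receives the import.

```powershell
# Added example. Every value below is an assumption; replace it with your own.
$ProxyFolder = 'C:\proxy_folder'                                        # assumed install folder
$Keytool     = Join-Path $ProxyFolder 'jdk\jre\bin\keytool.exe'         # assumed keytool location
$Keystore    = Join-Path $ProxyFolder 'jdk\jre\lib\security\cacerts'    # folder from step 3; file name assumed
$ServerCert  = 'C:\certs\mgmt-server.cer'    # certificate file copied over in step 2 (assumed name)
$ProxyHost   = 'proxy01.example.com'         # exact name the management server uses to reach the proxy
$ProxyCert   = 'C:\certs\proxy01.cer'        # file to hand to the management server in step 5

# Before trusting the file, display its owner, validity, extensions and fingerprints.
# Compare the SHA-256 fingerprint and the host name with values obtained from the
# management server administrator over a separate channel.
& $Keytool -printcert -file $ServerCert
$answer = Read-Host 'Do the fingerprint and host name match? (yes/no)'
if ($answer -ne 'yes') { throw 'Certificate not verified; nothing was imported.' }

# Step 3: import the management server certificate as a trusted entry.
# No -storepass is given, so keytool prompts and the password stays out of shell history.
& $Keytool -importcert -alias mgmt-server -file $ServerCert -keystore $Keystore
if ($LASTEXITCODE -ne 0) { throw 'keytool -importcert failed.' }

# Step 4: generate the proxy key pair with a self-signed certificate.
# The host name goes into both the CN and a subjectAltName DNS entry,
# because TLS clients match the host name against the SAN.
& $Keytool -genkeypair -alias proxy -keyalg RSA -keysize 2048 -validity 365 `
    -dname "CN=$ProxyHost" -ext "SAN=dns:$ProxyHost" -keystore $Keystore
if ($LASTEXITCODE -ne 0) { throw 'keytool -genkeypair failed.' }

# Write only the public certificate (PEM text) to a file. The private key
# never leaves the proxy keystore.
& $Keytool -exportcert -alias proxy -rfc -file $ProxyCert -keystore $Keystore
if ($LASTEXITCODE -ne 0) { throw 'keytool -exportcert failed.' }

# Confirm what the keystore now holds: mgmt-server should be listed as a
# trustedCertEntry and proxy as a PrivateKeyEntry.
& $Keytool -list -alias mgmt-server -keystore $Keystore
& $Keytool -list -alias proxy -keystore $Keystore
```

A host name mismatch in either certificate shows up later as a failed SSL handshake, so the `-printcert` check is the cheapest place to catch it.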