Add a trust relationship between a management server and
a proxy to establish a Secure Sockets Layer (SSL) connection. Management
servers and proxies can communicate securely only if you establish
an SSL connection between these components.
This task must be performed only if the management server
and proxy are on different computers and if the global preferences
in the manager are set to require an SSL connection between the management
server and proxy.
This task is performed by the administrators
of the computers on which the management server and proxy are deployed.
Before you add a trust relationship between a management server and a proxy:
- Verify that you can access the keystore of the application server
on which the management server is installed.
- Verify that you have command line access to the computer on which
you have installed the proxy.
To add a trust relationship between a management server and
a proxy:
- Generate a certificate file for the application server
on which the management server is installed. Ensure that
the host name used in the certificate file is the exact host name
that the proxy is to use to access the management server. You
can use a public Certification Authority (CA) to generate a trusted
certificate for the application server, or you can use the application
server to set up a Certification Authority, self-generate a certificate,
and save the certificate text to a text file. For information
on how to use the application server to self-generate a certificate,
see the security documentation for your application server.
- If the management server and the proxy are on different
computers, ensure that the proxy computer can access the certificate
file from the management server computer. If necessary,
copy the certificate file to the proxy computer.
- Use the Java keytool key
and certificate management utility with the -importcert option
to import the certificate from the certificate file into the keystore
of the proxy. The keystore location for each proxy is at proxy_folder\jdk\jre\lib\security,
where proxy_folder is the
folder in which the proxy is installed. For information
on the keytool utility, see the Java documentation for the keytool utility.
- Use the Java keytool key
and certificate management utility with the -genkeypair option
to generate a certificate file for the proxy. Ensure that
the host name used in the certificate file is the exact host name
that the management server is to use to access the proxy.
- If the proxy and the application server are on different
computers, ensure that the management server computer can access the
certificate file from the proxy computer. If necessary,
copy the certificate file to the management server computer.
- Import the certificate from the certificate file into the
keystore of the application server on which the management server
is installed. For information on how to import a certificate
into the application server, see the security documentation for your
application server.
When you are done, you must configure both the management
server and the proxy to use the https protocol to connect with other
components.
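The keytool steps of this procedure, as an added shell example that is not part of the original documentation. The host name, alias, password, and keystore files are constructed placeholders, and PKCS12 keystores are an assumption; the management server side is modeled as a plain keystore file, which your application server may manage through its own tools instead. Because -genkeypair only creates the key pair and a self-signed certificate inside the keystore, the example uses -exportcert to write the certificate file, and it compares fingerprints before importing the copied file.

```shell
#!/bin/sh
# Added example. Host name, alias, password and keystore files are constructed
# placeholders; PKCS12 keystores are an assumption of this sketch.
set -eu

# Create the proxy key pair. CN and SAN carry the exact host name that the
# management server uses to reach the proxy.
gen_proxy_cert() {  # args: keystore host storepass certfile
    keytool -genkeypair -alias proxy -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2" -ext "SAN=dns:$2" \
        -keystore "$1" -storetype PKCS12 -storepass "$3"
    # -genkeypair writes only to the keystore; -exportcert produces the file.
    keytool -exportcert -rfc -alias proxy -file "$4" \
        -keystore "$1" -storetype PKCS12 -storepass "$3"
}

# SHA-256 fingerprint of a certificate file. Read it on the source computer
# and compare after the file has been copied.
cert_fingerprint() {  # args: certfile
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA-*256: *//p'
}

# Import a peer certificate as trusted, but only if the copied file still has
# the fingerprint read on the computer that issued it.
import_trusted() {  # args: keystore storepass alias certfile expected_fp
    fp=$(cert_fingerprint "$4")
    if [ -z "$fp" ] || [ "$fp" != "$5" ]; then
        echo "fingerprint mismatch, not importing $4" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$3" -file "$4" \
        -keystore "$1" -storetype PKCS12 -storepass "$2"
}

# Succeed only if the stored certificate lists the expected host as a DNS SAN.
cert_names_host() {  # args: keystore storepass alias host
    keytool -list -v -alias "$3" -keystore "$1" -storetype PKCS12 \
        -storepass "$2" | sed 's/^[[:space:]]*//' | grep -qxF "DNSName: $4"
}
```

A password given with -storepass is visible in process listings; omit the option to have keytool prompt for it instead.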