When accessing the TSPM menu in the TIP console, it reports following error "CTGVG0263E The Tivoli Security Policy Manager cannot be reached". What is wrong?
Checking the SystemOut.log on the TIP profile, following messages are seen:
com.ibm.jsse2.util.h: No trusted certificate found javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
This is an indication that the Singer Certificate of the WebSphere Server that servers the IBM Tivoli Security Policy Manager application cannot be trusted by the TIP Server.
A quick way to check in TIP is by looking at the expiration date of the 'tspm_server' certificate:
TIP > Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > tspm_server
In case the Signer Certificate has expired, you can overcome this situation by importing the TSPM Server (WebSphere) Signer Certificate again.
TIP > Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
Select 'tspm_server' and press 'Delete'
Next click 'Retrieve from port'
Fill out the required Host and Port (typically 9443) of the WAS Server hosting TSPM, and give the alias the name 'tspm_server'. Next click 'Retrieve singer information'.
Make sure to save the changes.
After taking these steps, verify if the connection from TIP to TSPM is restored.