Enable SSL security in automation adapter configurations
Perform the following steps to enable SSL security in
the automation adapter configurations.
- Copy the authorized keys truststore file to all nodes in the IBM Tivoli System Automation for Multiplatforms cluster:
scp ${OC_CONFIG_DIR}/ssl/sam.ssl.authorizedkeys.truststore.jks \ root@<adapter-nodename>:/etc/opt/IBM/tsamp/eez/cfg/ssl/sam.ssl.authorizedkeys.truststore.jks
- Copy the adapter keystore file to all nodes in the IBM Tivoli System Automation for Multiplatforms cluster:
cp ${OC_CONFIG_DIR}/ssl/sam.ssl.adapter.keystore.jks \ root@<adapter-nodename>:/etc/opt/IBM/tsamp/sam/cfg/ssl/sam.ssl.adapter.keystore.jks
- Start the configuration utility.
Enter the command
cfgsamadapter
. - Specify the parameters:
On the main window of the configuration dialog, click Configure. Specify the following parameters on the Security tab described in Security tab. Values below are sample values.
- Truststore:
/etc/opt/IBM/tsamp/sam/cfg/ssl/sam.ssl.authorizedkeys.truststore.jks
- Keystore:
/etc/opt/IBM/tsamp/sam/cfg/ssl/sam.ssl.adapter.keystore.jks
- Keystore password:
passphrase
- Certificate alias:
samadapter
- Truststore:
- On the main window of the configuration dialog, click Replicate. Replicate the configuration files to the other nodes in the cluster of IBM Tivoli System Automation for Multiplatforms cluster including the SSL configuration.
- Restart the automation adapter using the
samadapter
command that is used to control the automation adapter. This activates the SSL configuration. - Restart the System Automation Application Manager
server to
activate the SSL configuration. Use the following commands to start or stop the System Automation Application Manager server manually:
- Start
/opt/IBM/WebSphere/AppServer/bin/startServer.sh server1
- Stop
/opt/IBM/WebSphere/AppServer/bin/stopServer.sh server1
Note: The WebSphere Application Server administrative user ID and password are required to stop the System Automation Application Manager server.