Replacing expired LDAP and CIMOM certificates in the truststore file

Expired CIMOM or LDAP certificates must be replaced. This topic describes a procedure for replacing an expired certificate.

CIMOM and LDAP certificates can expire, and an expired certificate must be replaced. If you receive the error "Invalid key in truststore", you must update your LDAP certificate.

  1. Obtain the current certificate. LDAP certificates are obtained from the LDAP administrator. CIMOM certificates are created by the mktruststore command. See step 4.
  2. On each node, run the stopConsole command, then the stopCimom command.
  3. On the master console, change to /usr/tank/admin.
  4. Run the bin/mktruststore command. As a parameter, use the path and file name of the LDAP certificate, if it exists.
  5. Use Secure copy (SCP) to copy the truststore to each node in the cluster.
    Note: Do not run the mktruststore command on each node. You must copy the truststore to each node.
  6. On each node, run the /usr/tank/admin/bin/startCimom command. Then run the /usr/tank/admin/bin/startConsole command.
  7. If needed, you can now extract the CIMOM certificate for your third-party CIM application.
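
A check that fits between steps 5 and 6, given here as an added example and not as part of the product or its documentation: it compares the SHA-256 digest of the truststore on the master console with the copy on each node, so a node with a missing, stale or locally regenerated truststore is caught before CIMOM is restarted. The function names are hypothetical, the truststore path is supplied by the operator because this topic does not name it, and ssh access plus sha256sum on every node are assumptions.

```shell
#!/bin/sh
# Added example: confirm every node holds the master console's truststore.
# Assumptions: ssh access to each node, sha256sum present on master and nodes,
# and a truststore path supplied by the operator (the page does not name it).

# Print the SHA-256 hex digest of a local file (empty output if unreadable).
local_digest() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# Print the SHA-256 hex digest of PATH on NODE. Usage: remote_digest NODE PATH
remote_digest() {
    ssh -n "$1" sha256sum "$2" 2>/dev/null | cut -d' ' -f1
}

# Usage: verify_truststore_copies MASTER_FILE REMOTE_PATH NODE...
# Prints one line per node whose copy is missing, unreachable or different.
# Returns 0 if all copies match, 1 on any mismatch, 2 if the master file
# cannot be hashed.
verify_truststore_copies() {
    vt_master=$1
    vt_remote=$2
    shift 2
    vt_want=$(local_digest "$vt_master") || return 2
    [ -n "$vt_want" ] || return 2
    vt_failed=0
    for vt_node in "$@"; do
        vt_got=$(remote_digest "$vt_node" "$vt_remote") || vt_got=""
        if [ "$vt_got" != "$vt_want" ]; then
            printf '%s\n' "$vt_node"
            vt_failed=1
        fi
    done
    return "$vt_failed"
}

# Command-line use: script MASTER_FILE REMOTE_PATH NODE...
if [ "$#" -ge 3 ]; then
    verify_truststore_copies "$@"
fi
```

Any node it prints should receive a fresh copy of the truststore from the master console, not a local mktruststore run.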
© Copyright IBM Corporation 2003, 2009. All Rights Reserved.