Updating SSL certificates (Version 4.3.0 and earlier only)

During installation, the Secure Sockets Layer (SSL) certificate is configured automatically.

Attention: Do not perform this procedure when using a SAN Volume Controller cluster that is running Version 4.3.1 or later. Corruption of the GUI application can result which might require a complete reinstallation of the GUI.

If the SAN Volume Controller Console is installed on a master console server, you can verify that an SSL certificate is valid. You can also regenerate an SSL certificate that is expired or not valid.

Certificates that are not valid and expired certificates are considered valid when they are loaded by the CIM service; however, a warning message is logged if the certificate is expired or is not valid. Note that other non-IBM® client applications might require a valid SSL key.

To verify that the currently configured SSL key is valid, complete the following steps:
  1. From a command prompt window, go to the installation svcconsole\cimom\bin directory.
  2. Issue the command chkcertificate certname.
    The following lines are displayed:

    C:\Program Files\IBM\svcconsole\cimom\bin>mkcertificate ssl
    C:\Program Files\IBM\svcconsole\cimom\bin>chkcertificate ssl
    notBefore=Mar 28 01:56:05 2008 GMT
    notAfter=Mar 28 01:56:05 2009 GMT

To regenerate a certificate, complete the following steps:

  1. From a command prompt window, go to the C:\Program Files\IBM\svcconsole\cimom directory.
  2. Issue the command mkcertificate.bat ssl. This creates an ssl.cert file in the certificate directory.
  3. Stop the CIM agent server.
  4. Issue the command cimconfig -s sslCertificateFilePath=C:\Program Files\IBM\svcconsole\cimom\certificate\ssl.cert -p.
  5. Issue the command cimconfig -s sslKeyFilePath=C:\Program Files\IBM\svcconsole\cimom\certificate\ssl.key -p.
  6. Copy the files to the following subdirectories:
    Note: Each directory begins with C:\Program Files\IBM\svcconsole\console\embeddedWAS.

    C:\...\config\cells\DefaultNode\applications\
    ICAConsole.ear\deployments\ICAConsole\ICAConsole.war\
    WEB-INF

    C:\...\config\cells\DefaultNode\applications\
    SVCConsole.ear\deployments\SVCConsole\SVCConsole.war\
    WEB-INF

    C:\...\config\installedApps\DefaultNode\
    ICAConsole.ear\ICAConsole.war\WEB-INF

    C:\...\config\installedApps\DefaultNode\
    SVCConsole.ear\SVCConsole.war\WEB-INF

  7. Stop and then restart the following applications:
    • IBM System Storage® SAN Volume Controller Pegasus Server.

      This service is located in Start -> Programs -> IBM System Storage SAN Volume Controller -> Stop CIMOM Service and Start CIMOM Service.

    • IBM WebSphere® Application Server V6 - SVC.

      Go to Start -> Settings -> Control Panel -> Administrative Tools -> Component Services.

    To stop and then restart the services, right-click on the application and select Stop, and then Start.
    Note: If the stop command times-out in the IBM WebSphere application, you can restart the SSPC or master console because this restarts the application, as well.
  8. Ensure that both applications are running again. Launch the SAN Volume Controller Console and log on.
Parent topic: Troubleshooting the SAN Volume Controller Console
Library | Support | Terms of use | Feedback
© Copyright IBM Corporation 2003, 2009. All Rights Reserved.