GUI – Managing server certificates

During the installation, a self-signed Secure Sockets Layer (SSL) certificate is generated to create a secure communication channel for servers and clients. If you already have a trusted certificate that you want to use, you can replace the self-signed certificate with an existing trusted certificate or generate a new certificate.

About this task

A self-signed certificate file, vp.crt, and a certificate key file, vp.key, are stored in the following directory:

/opt/ibm/ibm_spectrum_control/settings/ssl_cert.

Because the self-signed certificate is not automatically recognized by the web browser that you use to log in to Spectrum Control, you might encounter a connection security warning before you can access the Spectrum Control login page (see GUI – Logging in).

This image shows a connection security warning in the Mozilla Firefox web browser. — Figure 1. Connection security warning in the Mozilla FireFox web browser

To avoid such warning messages, you need to upload a server certificate which is signed by a public certificate authority (CA), such as VeriSign, or by a CA whose root certificate was imported to your web browser. In addition, you can generate an SSL certificate.

Procedure

Click Server certificate in the Settings menu. The Server Certificate dialog box is displayed.
Figure 2. Generate option on Server Certificate dialog box

Enter the hostname, common name, IP address of the Spectrum Control server and certificate validity period, and then click Generate.

Note: The Spectrum Control hostname is automatically copied from the FQDN field of the Settings menu. The value is entered during high-availability group definition, as explained in GUI – Defining a high-availability group.

Spectrum Control generates the SSL certificate and key files, restarts the Nginx process and refreshes the web browser.

Log out and log into Spectrum Control to complete the certificate generation.
To upload a certificate and a certificate key files, select Upload files on the Server Certificate dialog box.
Figure 3. Upload files option on Server Certificate dialog box
Click Browse and attach your certificate vp.crt, and a certificate key files, vp.key, and then click Upload. Spectrum Control overwrites the existing SSL certificate and key files, restarts the Nginx process and refreshes the web browser.
Log out and log into Spectrum Control to complete the procedure.