GUI – Managing server certificates

During the installation, a self-signed Secure Sockets Layer (SSL) certificate is generated to create a secure communication channel for servers and clients. If you already have a trusted certificate that you want to use, you can replace the self-signed certificate with an existing trusted certificate or generate a new certificate.

About this task

A self-signed certificate file, vp.crt, and a certificate key file, vp.key, are stored in the following directory:

/opt/ibm/ibm_spectrum_control/settings/ssl_cert.

Because the self-signed certificate is not automatically recognized by the web browser that you use to log in to Spectrum Control, you might encounter a connection security warning before you can access the Spectrum Control login page (see GUI – Logging in).
Figure 1. Connection security warning in the Mozilla FireFox web browser
This image shows a connection security warning in the Mozilla Firefox web browser.

To avoid such warning messages, you need to upload a server certificate which is signed by a public certificate authority (CA), such as VeriSign, or by a CA whose root certificate was imported to your web browser. In addition, you can generate an SSL certificate.

Procedure

  1. Click Server Certificate in the Settings menu. The Server Certificate dialog box is displayed.
    Figure 2. Generate option on Server Certificate dialog box
    This image shows the Generate option on the Server Certificate dialog box.
  2. Enter the hostname, common name, IP address of the Spectrum Control server and certificate validity period, and then click Generate.
    Spectrum Control generates the SSL certificate and key files, restarts the Nginx process and refreshes the web browser.
  3. Log out and log into Spectrum Control to complete the certificate generation.
  4. To upload a certificate and a certificate key files, select the Upload files check box on the Server Certificate dialog box.
    Figure 3. Upload files option on Server Certificate dialog box
    This image shows the Upload files option on the Server Certificate dialog box.
  5. Click Browse and attach your certificate vp.crt, and a certificate key files, vp.key, and then click Upload. Spectrum Control overwrites existing the SSL certificate and key files, restarts the Nginx process and refreshes the web browser.
  6. Log out and log into Spectrum Control to complete the procedure.