CLI – Managing server certificates

During the installation, a self-signed Secure Sockets Layer (SSL) certificate is generated to create a secure communication channel for servers and clients. If you already have a trusted certificate that you want to use, you can replace the self-signed certificate with an existing trusted certificate or generate a new certificate.

A self-signed certificate file, vp.crt, and a certificate key file, vp.key, are stored in the following directory:

/opt/ibm/ibm_spectrum_control/settings/ssl_cert.

Because the self-signed certificate is not automatically recognized by the web browser that you use to log in to Spectrum Control Base, you might encounter a connection security warning before you can access the Spectrum Control Base login page (see GUI – Logging in).

This image shows a connection security warning in the Mozilla Firefox web browser. — Figure 1. Connection security warning in the Mozilla FireFox web browser

To avoid such warning messages, use the import option of the sc_ssl command to upload a server certificate which is signed by a public certificate authority (CA), such as VeriSign, or by a CA whose root certificate was imported to your web browser. In addition, you can use the other options of the sc_ssl command to generate or to trust an SSL certificate.

Note:

All CLI command arguments are case-sensitive.
The same operations are available from the GUI as well, as explained in GUI – Managing server certificates.

Table 1. Arguments for sc_ssl
Argument	Use after sc_ssl to:
generate -c <common_name> -n <host_name> -i <ip_address> -e <expiration_period>	Enter the hostname, common name, IP address of the Spectrum Control Base server and certificate validity period (in days). For example: `sc_ssl generate -c mycommonname -n "sc_serverhostname" -i 1.0.0.200 -e 5000`
trust -c <certificate_path>	Select an SSL certificate to be trusted, by providing a path to its location. For example: `sc_ssl trust -c CA_certificate.crt`
import -c <certificate_path> -k <key_path>	Import a SSL certificate and a key file, by providing paths to their locations. For example: `sc_ssl import -c self_signed_certificate.crt -k private_key.key`
-h	Display help information that is relevant to sc_ssl. You can also display help for the generate, trust, or import argument if it is typed on the command line as well.