|
1 | | -# signed certificate |
2 | | -This document describes how to create a signed certificate and add it to the IBM Streams instance. |
| 1 | +# Add Signed Certificate to IBM Streams |
| 2 | +This document describes how to create a signed certificate and add it to the IBM Streams. |
| 3 | + |
| 4 | +System requirements |
| 5 | + |
| 6 | +Linux RedHat |
| 7 | +A installed and running IBM Streams |
| 8 | + |
| 9 | +Procedure |
| 10 | +Complete the following steps on your RedHat Streams Server. |
| 11 | + |
| 12 | +## openssl |
| 13 | +Login as root in your Streams server |
| 14 | +Check if installed openssl |
| 15 | +check if is openssll already installed. |
| 16 | +``` |
| 17 | +which openssl |
| 18 | +/usr/local/bin/openssl |
| 19 | +``` |
| 20 | +If not install openssl via yum |
| 21 | + |
| 22 | +``` |
| 23 | +yum install openssl |
| 24 | +
|
| 25 | +``` |
| 26 | +Change user to streamsadmin |
| 27 | +``` |
| 28 | +su – streamsadmin |
| 29 | +``` |
| 30 | + |
| 31 | +## Create an OpenSSL client configuration file |
| 32 | +``` |
| 33 | +mkdir $HOME/ ca-certificates |
| 34 | +
|
| 35 | +cd $HOME/ ca-certificates |
| 36 | +
|
| 37 | +vi myca.cnf |
| 38 | +``` |
| 39 | + |
| 40 | +Edit myca.cnf and put your countryName, countryName, localityName ... in openssl configuration file |
| 41 | + |
| 42 | +``` |
| 43 | +[ req ] |
| 44 | +prompt = no |
| 45 | +days = 365 |
| 46 | +distinguished_name = req_distinguished_name |
| 47 | +req_extensions = v3_req |
| 48 | +
|
| 49 | +
|
| 50 | +[ req_distinguished_name ] |
| 51 | +countryName = US |
| 52 | +countryName = FL |
| 53 | +localityName = Miami |
| 54 | +organizationName = MyOrg |
| 55 | +organizationalUnitName = MyOrgUnit |
| 56 | +commonName = mycommname.com |
| 57 | + |
| 58 | +
|
| 59 | +[ v3_req ] |
| 60 | +basicConstraints = CA:false |
| 61 | +extendedKeyUsage = serverAuth |
| 62 | +subjectAltName = @sans |
| 63 | +
|
| 64 | +[ sans ] |
| 65 | +DNS.0 = localhost |
| 66 | +DNS.1 = myexampleserver.com |
| 67 | +
|
| 68 | +``` |
| 69 | + |
| 70 | +For more details about openssl configuration please refer to: |
| 71 | + |
| 72 | +https://www.ibm.com/docs/en/hpvs/1.2.x?topic=reference-openssl-configuration-examples |
| 73 | + |
| 74 | +## Create certificate file |
| 75 | +Now you can create a certificate. |
| 76 | +``` |
| 77 | +openssl req -config $HOME/ca-certificates/myca.cnf -newkey rsa:4096 -x509 -sha256 -nodes -out streams.crt -keyout streams.key |
| 78 | +``` |
| 79 | +Check if the file streams.crt is created. |
| 80 | +``` |
| 81 | +ls $HOME/ca-certificates/streams.crt |
| 82 | +/home/streamsadmin/ca-certificates/streams.crt |
| 83 | +
|
| 84 | +``` |
| 85 | +## Add certificate to IBM Streams |
| 86 | + |
| 87 | +The streamtool addcertificate command adds a client certificate into the web management service (SWS) truststore or the HTTP server |
| 88 | + |
| 89 | +For more details about add a certificate to IBM Streams please refer to: |
| 90 | + |
| 91 | +https://www.ibm.com/docs/en/streams/4.3.0?topic=commands-streamtool-addcertificate |
| 92 | + |
| 93 | + |
| 94 | +``` |
| 95 | +streamtool addcertificate -f $HOME/ca-certificates/streams.crt --clientid streams-ca |
| 96 | +Trusted client certificate for streams-ca imported successfully for domain StreamsDomain. |
| 97 | +``` |
| 98 | + |
| 99 | +## Check domain property |
| 100 | +``` |
| 101 | +getdomainproperty -a | grep cer |
| 102 | +``` |
| 103 | + |
| 104 | + |
3 | 105 |
|
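Review bot: In the "Create certificate file" step, `openssl req ... -x509 -sha256 -nodes` writes a self-signed certificate and an unencrypted private key (`streams.key`), while the new title and intro call it a "signed certificate". Say "self-signed" in the text, or add the CSR and CA signing steps, and add a step that restricts the key file to streamsadmin (for example `chmod 600 streams.key`). The command also writes `streams.crt` and `streams.key` to the current directory, so it depends on the earlier `cd` having worked; `mkdir $HOME/ ca-certificates` and `cd $HOME/ ca-certificates` contain a stray space and will not create or enter `$HOME/ca-certificates`, which the later `ls` and `streamtool addcertificate -f` lines expect. Smaller points in the same hunk: `su – streamsadmin` uses an en dash instead of `-`; `countryName` appears twice in `[ req_distinguished_name ]` and in the sentence above it, where the second (`FL`) looks like it should be `stateOrProvinceName`; `days = 365` under `[ req ]` does not set the validity for `openssl req -x509`, so pass `-days 365` on the command line; and `getdomainproperty -a | grep cer` is missing the `streamtool` prefix. "Check if installed openssl" and "check if is openssll already installed." are duplicates with a typo, so keep one.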