Tuesday, August 12, 2014

Information Server V11.3 Secured Client Server Communication - Importing SSL Certificate

Information Server V11.3 onwards installs in https mode and it accepts secure connections only providing secure Client Server Communication.It means various clients communicates with the domain only in https mode. During these connections alert pops up to accept the certificate. In this blog I share detailed steps to accept the certificate for different clients and store them in OS/IS client trust-store permanently and avoid these alerts especially if one want to achieve Automation.
This is how the security alerts shows up when you connect from different clients.

Security Alert – DataStage and QualityStage Designer

Security Alert – Admin Console (web application)

Security Alert : IS Console/Fast Track client

Security Alert – DataStage command line compile
Security Alert : Information Server Manager
DataStage and Quality Stage Designer/Director/Administrator clients, web applications like Launch pad, Administration console etc.. and command line tools like dscc.exe (command line job compiler) etc.. require the SSL certificate to be present in OS trust-store.

Other clients like IS Console, IS Manager, FastTrack and command line tools like dsadmin.exe require SSL certificate to be present in IS Client trust-store.

Procedure to accept the certificate to establish the connection.
Accept the certificate and store into IS Client trust-store:

  1. using command line - C:\IBM\InformationServer\ASBNode\bin\UpdateSignerCerts.bat -url https:<IS_HOST>:<IS_HOST_PORT> -user <user> -password <password> -silent
  2. Use any client like IS Manager/IS Console/Fasttrack and try to login to server. You will be presented with security alert. Select option “Accept certificate permanently”.
Accept the certificate and store into OS trust-store:

Click on “View Certificate” button on Security Alert Window that appear when you try to login from DS and QS Designer.
Select “Install Certificate” button and follow the wizard to import the certificate.

Select  “Place all certificates in the following store”, click on “Browse” and select “Trusted Root Certification Authorities”

Security warning window pops up –  Click on “Yes” to finish the import. Finally “The Import was successful” informational message shows up.

 Imported certificate can be
verified in certificate manager. This can be invoked using “certmgr.exe”
or “rundll32.exe cryptui.dll,CryptUIStartCertMgr”.
Once the certificate acceptance is done user will be able to connect from clients without certificate alerts.


Disclaimer: “The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.”

No comments:

Post a Comment