Information Server V11.3 onwards installs in https mode and it
accepts secure connections only providing secure Client Server
Communication.It means various clients communicates with the domain only
in https mode. During these connections alert pops up to accept the
certificate. In this blog I share detailed steps to accept the
certificate for different clients and store them in OS/IS client
trust-store permanently and avoid these alerts especially if one want to
achieve Automation.
This is how the security alerts shows up when you connect from different clients.
|
Security Alert – DataStage and
QualityStage Designer
|
|
Security Alert – Admin Console (web
application)
|
|
Security Alert : IS Console/Fast Track client |
|
Security Alert – DataStage command line compile |
|
Security Alert : Information Server Manager |
DataStage and Quality Stage Designer/Director/Administrator clients, web applications like Launch pad, Administration console etc.. and command line tools like dscc.exe (command line job compiler) etc.. require the SSL certificate to be present in OS trust-store.
Other clients like IS Console, IS Manager, FastTrack and command line tools like dsadmin.exe require SSL certificate to be present in IS Client trust-store.
Procedure to accept the certificate to establish the connection.
Accept the certificate and store into IS Client trust-store:
using command line - C:\IBM\InformationServer\ASBNode\bin\UpdateSignerCerts.bat -url https:<IS_HOST>:<IS_HOST_PORT> -user <user> -password <password> -silent
Use any client like IS Manager/IS Console/Fasttrack and try to login to server. You will be presented with security alert. Select option “Accept certificate permanently”.
Accept the certificate and store into OS trust-store:
Click on “View Certificate” button on Security Alert Window that appear when you try to login from DS and QS Designer.
Select “Install Certificate” button and follow the wizard to import the certificate.
Select “Place all certificates in the following store”, click on “Browse” and select “Trusted Root Certification Authorities”
Security warning window pops up – Click on “Yes” to finish the import. Finally “The Import was successful” informational message shows up.
Imported certificate can be
verified in certificate manager. This can be invoked using “certmgr.exe”
or “rundll32.exe cryptui.dll,CryptUIStartCertMgr
”.
Once the certificate acceptance is done user will be able to connect from clients without certificate alerts.
-Dhanunjaya
Disclaimer: “The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.”