Migrating from a self-signed certificate to a single signed chain certificate
Before you begin:
- Make sure that a Java™ Runtime Environment is installed on your machine, and the JAVA_HOME variable is defined in the Environment variables. For more information, see the Java Runtime Environment section.
- Make sure that you obtained a signed certificate from a certificate authority (CA), and you have its root certificate and the private key of the certificate signing request.
Preparing files for enabling secure communication
To use a single signed chain certificate across all IBM® AD
servers and services, you must ensure that the following files are prepared:
- A keystore that contains the signed certificate and its root certificate.
- The private key of the signed certificate.
- The certificates in the certificate chain of the signed certificate.
For more information about preparing the files, see Prepare files for enabling secure communication.
Configuring IBM AD by using the prepared keystore
To configure IBM AD by using the prepared keystore, follow
these steps:
- Enable Hypertext transfer protocol secure (HTTPS) for IBM AD File Service, IBM AD Search Service, IBM AD Mainframe Projects Service, IBM AD Cross Applications Service, IBM AD Manual Resolutions Service, IBM AD WebSphere® Liberty Profile Service, and Authentication Server (DEX). For more information, see Securing Access on IBM AD Services Endpoints.
- Set up IBM AD Zookeeper to run in the mixed mode by following the steps at Activate the IBM AD ZooKeeper Server to use certificates.
- Configure IBM AD Batch Server and Graph Database Server by following the steps at STEP 9. Configuring IBM AD Batch Server.
- Enable the encryption channel between IBM AD Build Client and IBM AD Zookeeper by following the steps at Activate IBM AD Build Client to use certificates.
- Enable the encryption channel between IBM AD Analyze Client and IBM AD Zookeeper by following the steps at Enabling encryption channel between IBM AD Analyze Client and IBM AD ZooKeeper.