Adding trusted certificates

To enable secure communication with an external server, administrators can add trusted certificates for external sites into the truststore in WebSphere® Application Server Liberty. The list of aliases and certificates represents a complete chain of trust for the host. The certificates are necessary only if the host presents a certificate that is signed by a certificate authority that is not already trusted by Maximo® Application Suite.

Adding trusted certificates using API calls

To import trusted certificates, you can issue an API call to the maxinst server. This feature is useful if you do not have access to the IBM® Maximo Application Suite user interface.

About this task

You can use the following parameters for API calls:

Table 1. API call parameters
Parameter	Value
alias	The name to use for the imported certificate.
connect	The host and port in the format `hostname:port`.
servername	If the remote server where the certificate is located uses Server Name Indication (SNI), specify the name of the server.

Procedure

Select one of the following options for adding a trusted certificate using an API call:

Provide a one-line string for the certificate in the body of the API.
Complete the following steps to convert the PEM-formatted certificate to a single string and add the certificate using an API call:
1. Download the certificate that you want to add.
2. Use the following command to convert the PEM-formatted string for the certificate to a single string:
```
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <single certificate pem file>
```
3. To add the single-string certificate, provide information for the API call that includes the alias parameter, as shown in the following example:
  
  HTTP Method
  
  POST
  URL
  https://maxinst.manage.myserver.com/toolsapi/toolservice/installexternalcert?alias=certalias
  Header
  
  apikey=bfrudgf86mq874hm3hmo8859itfqsvr4lrbpc8nq
  
  Use the API key that is associated with the Manage user.
  Request body
  -----BEGIN CERTIFICATE-----\nMIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw\ nCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\nMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzM DAwMDQyWhcNMjcwOT............ ............................ ............................ tdufThcV4q5O8DIrGKZTqPwJNl\n1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd\n-----END CERTIFICATE-----
Create an API call that downloads the certificate from a server.
To download a certificate from a server, provide information, as shown in the following example:
HTTP Method

POST

URL
```
https://maxinst.manage.myserver.com/toolsapi/toolservice/installexternalcert?alias=certalias&connect=google.com:443
```
Header

apikey=bfrudgf86mq874hm3hmo8859itfqsvr4lrbpc8nq
Use the API key that is associated with the ManageMaximo Health user.

Adding trusted certificates in the user interface

You can add certificates through the user interface when you configure Maximo ManageMaximo Health for deployment. The format of the certificate must be PEM.

Procedure

Add certificates.
1. Log in to IBM Maximo Application Suite as a system administrator.
2. From Suite administration, select Workspaces from the side navigation menu and then select the workspace that you want to configure.
3. On the Overview tab for the workspace, select the Manage tile.
4. On the Manage panel, click Actions and select Update configuration.
5. In the Imported certificates row on the Update Manage configuration window, click the Edit icon.
6. In the Imported certifications section, click Add to add a certificate.
  You might have to disable the System managed switch before you can add a certificate.
7. Specify the certificate alias and copy and paste the contents of the certificate.
  Each alias name must be unique within the workspace.
8. Click Confirm to save your changes.
9. Select one of the following options:
  - If you are configuring a new deployment, click Activate.
  - If you are updating a deployment, click Apply changes.
Add certificates.
1. In IBM Maximo Application Suite click Administration and then click Catalog.
2. Select the Manage tile.
3. On the application details page, click Actions and select Update configuration.
4. In the Imported certificates row on the Update Manage configuration window, click the Edit icon.
5. In the Imported certifications section, click Add to add a certificate.
  You might have to disable the System managed switch before you can add a certificate.
6. Specify the certificate alias and copy and paste the contents of the certificate.
  Each alias name must be unique within the workspace.
7. Click Confirm to save your changes.
8. Select one of the following options:
  - If you are configuring a new deployment, click Activate.
  - If you are updating a deployment, click Apply changes.