Question & Answer
Question
How do you configure the email probe for TLS/SSL?
Answer
The email servers certificates can be obtained from the email server administrator or email server provided.
These certificates can then be imported into a Java keystore for use with the probe.
For example:
cd C:\Program Files (x86)\Java\jre1.8.0_77\bin
.\keytool.exe -importcert -file "c:\temp\GeoTrustGlobalCA.pem" -keystore "c:\temp\MOZILLA.JKS"
.\keytool.exe -list -keystore "c:\temp\MOZILLA.JKS"
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mykey, 04-Jul-2016, trustedCertEntry,
Certificate fingerprint (SHA1): ...
.\keytool.exe -importcert -file "c:\temp\GeoTrustGlobalCA.pem" -keystore "c:\temp\MOZILLA.JKS"
.\keytool.exe -list -keystore "c:\temp\MOZILLA.JKS"
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mykey, 04-Jul-2016, trustedCertEntry,
Certificate fingerprint (SHA1): ...
The MOZILLA.JKS file can then be referenced in the probes property file.
KeyStoreFile : "C:\\IBM\\Tivoli\\Netcool\\omnibus\\probes\\win32\\MOZILLA.JKS"
KeyStorePassword : "ECEDBJAGBJFHGD"
TrustStoreFile : "C:\\IBM\\Tivoli\\Netcool\\omnibus\\probes\\win32\\MOZILLA.JKS"
TrustStorePassword : "ECEDBJAGBJFHGD"
KeyStorePassword : "ECEDBJAGBJFHGD"
TrustStoreFile : "C:\\IBM\\Tivoli\\Netcool\\omnibus\\probes\\win32\\MOZILLA.JKS"
TrustStorePassword : "ECEDBJAGBJFHGD"
For webmail services such as outlook, a copy of the Java cacerts file can be used.
On Linux.
KeyStoreFile : '/opt/IBM/tivoli/netcool/omnibus/probes/linux2x86/OUTLOOK/cacerts.jks'
KeyStorePassword : 'DHEGAGBBBBENGAGF' #changeit
TrustStoreFile : '/opt/IBM/tivoli/netcool/omnibus/probes/linux2x86/OUTLOOK/cacerts.jks'
TrustStorePassword : 'DHEGAGBBBBENGAGF' #changeit
KeyStorePassword : 'DHEGAGBBBBENGAGF' #changeit
TrustStoreFile : '/opt/IBM/tivoli/netcool/omnibus/probes/linux2x86/OUTLOOK/cacerts.jks'
TrustStorePassword : 'DHEGAGBBBBENGAGF' #changeit
Check the server certificate with openssl.
openssl s_client -connect outlook.office365.com:993
Owner: CN=outlook.com, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=DigiCert Cloud Services CA-1, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Cloud Services CA-1, O=DigiCert Inc, C=US
Follow the certificate chain to find the root CA certificate.
The outlook server uses the standard root CA certificate available in the Java's cacerts file.
find $NCHOME -name cacerts
$NCHOME/platform/linux2x86/jre64_1.8.0/jre/lib/security/cacerts
$NCHOME/platform/linux2x86/jre_1.8.0/jre/lib/security/cacerts
mkdir $NCHOME/omnibus/probes/linux2x86/OUTLOOK
cd $NCHOME/omnibus/probes/linux2x86/OUTLOOK
cp $NCHOME/platform/linux2x86/jre64_1.8.0/jre/lib/security/cacerts cacerts.jks
Checking the cacerts.jks file.
keytool -list -keystore cacerts.jks -storepass changeit
keytool -v -list -keystore cacerts.jks -storepass changeit
keytool -list -keystore cacerts.jks -storepass changeit
keytool -v -list -keystore cacerts.jks -storepass changeit
keytool -v -list -keystore cacerts.jks -storepass changeit -alias digicertglobalrootca
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSSHTQ","label":"Tivoli Netcool\/OMNIbus"},"ARM Category":[{"code":"a8m500000008a0KAAQ","label":"Probes-\u003E1 Individual Probes-\u003EEmail nco_p_email"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 August 2023
UID
ibm16467663