Troubleshooting

How to Extend the Validity of the Tivoli Directory Integrator Certificate?

If the Check the validity of the Tivoli Directory Integrator certificate section shows the warning ‘The selected certificate has expired!’, the certificate that secures communications in Tivoli Directory Integrator (TDI) has expired and its validity must be extended. Follow these steps.

  1. Select OK.

  2. In Windows Search, type cmd and select Enter. The results are auto-populated.

  3. Right-click the Command Prompt and select Run as Administrator.

  4. In the User Account Control dialog box, select Yes. The Administrator: Command Prompt opens.

  5. To move to the timsol folder, type cd "C:\Program Files\IBM\TDI\V7.2\timsol" and select Enter.

    1. Run the following commands:

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -selfcert -v -alias server -validity 730 -keystore testserver.jks -storepass server

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -selfcert -v -alias admin -validity 730 -keystore serverapi\testadmin.jks -storepass administrator

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -export -alias server -keystore testserver.jks -storepass server -file myserver.crt

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -export -alias admin -keystore serverapi\testadmin.jks -storepass administrator -file myadmin.crt

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -delete -alias admin -keystore testserver.jks -storepass server

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -import -alias admin -keystore testserver.jks -storepass server -file myadmin.crt

      • Type "yes" to confirm your trust in this certificate.

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -delete -alias server -keystore serverapi\testadmin.jks -storepass administrator

      • "c:\Program Files\IBM\TDI\V7.2\jvm\jre\bin\keytool" -import -alias server -keystore serverapi\testadmin.jks -storepass administrator -file myserver.crt

      • Type "yes" to confirm your trust in this certificate.

      • Go to C:\Program Files\IBM\TDI\V7.2\timsol and verify that certificates myadmin and myserver are added to the timsol folder.

  6. Go to C:\Program Files\IBM\TDI\V7.2\timsol and copy the testserver.jks file.

  7. Go to C:\Program Files\IBM\TDI\V7.2 and paste the testserver.jks file.

  8. Go to C:\Program Files\IBM\TDI\V7.2\timsol\serverapi and copy testadmin.jks file.

  9. Go to C:\Program Files\IBM\TDI\V7.2\serverapi and paste testadmin.jks file.
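
To confirm the result of steps 5 to 9, the following PowerShell check (an added example, not part of the original procedure or of any vendor tooling) exports each alias with the same keytool -export call used above, then compares expiry dates, cross-trust thumbprints and the copied keystore files. It assumes the default paths, aliases and passwords shown on this page and an elevated PowerShell session.

```powershell
# Added check, not vendor code. Paths, aliases and passwords are the defaults shown on this page.
$tdi     = 'C:\Program Files\IBM\TDI\V7.2'
$keytool = Join-Path $tdi 'jvm\jre\bin\keytool.exe'
$stores  = @{
    server = @{ Path = "$tdi\timsol\testserver.jks";          Pass = 'server' }
    admin  = @{ Path = "$tdi\timsol\serverapi\testadmin.jks"; Pass = 'administrator' }
}

# Export one alias with the same keytool -export call the procedure uses,
# then load it with .NET so dates and thumbprints can be compared.
function Get-StoreCert {
    param([string]$Store, [string]$Alias)
    $tmp = [System.IO.Path]::GetTempFileName()
    try {
        & $keytool -export -alias $Alias -keystore $stores[$Store].Path `
            -storepass $stores[$Store].Pass -file $tmp | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "keytool could not export alias '$Alias' from the $Store keystore" }
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $tmp
    } finally {
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }
}

# 1. Each key pair has a future expiry, and the other keystore trusts that exact certificate.
$peerOf = @{ server = 'admin'; admin = 'server' }
foreach ($alias in 'server', 'admin') {
    $own     = Get-StoreCert -Store $alias          -Alias $alias
    $trusted = Get-StoreCert -Store $peerOf[$alias] -Alias $alias
    [pscustomobject]@{
        Alias         = $alias
        NotAfter      = $own.NotAfter
        Expired       = $own.NotAfter -lt (Get-Date)
        TrustedByPeer = $own.Thumbprint -eq $trusted.Thumbprint
    }
}

# 2. The copies made in steps 6 to 9 are byte-identical to the regenerated keystores.
$copies = @{
    "$tdi\timsol\testserver.jks"          = "$tdi\testserver.jks"
    "$tdi\timsol\serverapi\testadmin.jks" = "$tdi\serverapi\testadmin.jks"
}
foreach ($src in $copies.Keys) {
    [pscustomobject]@{
        Copy     = $copies[$src]
        UpToDate = (Get-FileHash -LiteralPath $src).Hash -eq (Get-FileHash -LiteralPath $copies[$src]).Hash
    }
}
```

A TrustedByPeer value of False means the other keystore still holds the old certificate under that alias, so the -delete and -import pair for that alias needs to be repeated.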

FAQ

How to Import the Delinea Certificate?

To establish a secure connection between Delinea Secret Server and IBM IGI, you must import the Delinea certificate.

To import Delinea certificate:

  1. Select the Not secure part of the Delinea Server URL. The "Your connection to this site is not secure" dialog box opens.

  2. Select Certificate (Invalid) and the Certificate dialog box displays.

  3. In the Details tab, select Copy to File. The Welcome to the Certificate Export Wizard opens.

  4. Select Next. The Export File Format panel opens.

  5. Select Next. The File to Export panel opens.

  6. In the File name text box, type the name for the certificate to be exported.

  7. Select the Browse... button to search and select the location where you want to export the certificate.

  8. Select Next. The Completing the Certificate Export Wizard opens.

  9. Select Finish. The message "The export was successful." displays. The certificate is exported to the location selected.

  10. Right-click the exported certificate and select Install Certificate.

  11. The Welcome to the Certificate Import Wizard opens.

  12. In the Store Location area, select the Current User checkbox and then select Next. The Certificate Store panel opens.

  13. Select the Place all certificates in the following store checkbox and then select Browse.

  14. Select the Personal folder and then select Next. The Completing the Certificate Import Wizard panel opens.

  15. Select Finish. The message "The import was successful." displays.

  16. Right-click the certificate that you imported and select Install Certificate.

  17. The Welcome to the Certificate Import Wizard displays.

  18. In the Store Location area, select Current User and then click Next. The Certificate Store panel displays.

  19. Select the Place all certificates in the following store checkbox and then select Browse.

  20. Select the Trusted Root Certification Authorities folder and then select Next. The Completing the Certificate Import Wizard panel opens.

  21. Select Finish. The message "The import was successful." displays.

How to Add the Delinea Certificate?

  1. Go to C:\Program Files\IBM\TDI\V7.2\jvm\jre\bin.

  2. Right-click the ikeyman file and select Run as administrator.

  3. In the User Account Control dialog box, select Yes. The IBM Key Management dialog box opens.

  4. Select the Open icon. The Open dialog box opens.

  5. Select Browse and go to C:\Program Files\IBM\TDI\V7.2\timsol and double-click the timsol folder.

  6. Select testserver.jks and then select the Open icon. The Open dialog box opens.

  7. Select OK. The Password Prompt dialog box opens.

  8. In the Password text box, enter the password and select OK.

    The default password for testserver.jks is server.

  9. In the IBM Key Management dialog box, select View/Edit to display the certificate details.

  10. Verify the validity of the certificate and close the dialog box.

  11. From the type of certificate list, select Signer Certificates.

  12. The signer certificate admin is listed. Select Add. The Open dialog box opens.

  13. Select Browse and go to the thycotic.cer location.

  14. Select thycotic.cer and then select the Open icon. The Open dialog box opens.

  15. Select OK. The Enter a Label dialog box opens.

  16. In the Enter a Label for the certificate text box, enter the label and then select OK. The certificate is listed in the Key database content section.

  17. Select the Key Database File tab > Close. The certificate is saved.

  18. Select the Open icon. The Open dialog box opens.

  19. Select Browse and navigate to C:\Program Files\IBM\TDI\V7.2\timsol.

  20. Double-click the timsol folder and then double-click the serverapi folder.

  21. Select testadmin.jks and then select the Open icon.

  22. Select OK. The Password Prompt dialog box opens.

  23. In the Password text box, enter the password.

    The default password for testadmin.jks is administrator.

  24. Select OK. The certificate is listed in the Key database content section.

  25. From the type of certificate list, select Signer Certificates.

  26. Select the certificate name server and then select Add.

  27. The Open dialog box opens.

  28. Select the Browse button to find and select the location of thycotic.cer.

  29. Select OK. The Enter a label dialog box opens.

  30. In the Enter a label for the certificate text box, enter the label and then select OK. The certificate is listed in the Key database content area.

  31. Go to Key Database File tab > Close. The certificate is saved.
