Use a custom certificate to access the EEM Web UI.

Document ID : KB000010727
Last Modified Date : 14/02/2018
Introduction:

For added security, you may want to use a custom certificate from a Trusted Certificate Authority for the Web-based EEM UI.

This document will explain how to achieve this using a custom p12 certificate file.

Instructions:

By default, EEM iGateway uses the default iGateway certificates (igatewayCert) for communication.

To change this to a custom p12 certificate, follow the steps below.
Note: You need to procure your own p12 file signed by a Trusted Certificate Authority.

1. Copy the p12 certificate to the iTechnology directory (IGW_LOC).

*NIX:
cd $IGW_LOC
Default dir:
/opt/CA/SharedComponents/iTechnology

Windows:
cd %IGW_LOC%
Default dir:
C:\Program Files (x86)\CA\SC\iTechnology

2. Stop the CA iTechnology iGateway service.

*NIX
cd $IGW_LOC
./S99igateway stop

Windows
services.msc
stop the "CA iTechnology iGateway" service

3. Edit the IGW_LOC/igateway.conf file and update the <Connector name="defaultport"> section.

It should look like this in the file:

<Connector name="defaultport">
<port>5250</port>
<mustlisten>true</mustlisten>
<conntype/>
<conntimeout>120</conntimeout>
<peektimeout>30</peektimeout>
<maxconnections>1000</maxconnections>
<maxrequestbytes>10000000</maxrequestbytes>
<maxpiperequests>10</maxpiperequests>
<maxAcceptRate/>
<certType/>
<certURI/>
<certPW/>
<keyURI/>
<keyPW/>
<secureProtocol/>
<cipherlist/>
</Connector>


4. Set certType to p12
<certType>p12</certType>

5. Set certURI to your .p12 certificate filename
<certURI>filename.p12</certURI>

6. Munge the certificate password using IGW_LOC/ConfigTool.

Example *NIX
./ConfigTool -munge -version 4.7.5.2 -comp igateway -tag "TransportReceiver=HTTP;Connector=defaultport;certPW;" -pass password

Example Windows:
ConfigTool.exe -munge -version 4.7.5.2 -comp igateway -tag "TransportReceiver=HTTP;Connector=defaultport;certPW;" -pass <password>

Make sure the version matches the version that you see at the beginning of the $IGW_LOC/igateway.conf file.

Example:
igateway.conf file contains:
<iGatewayConfig>
<Version>4.7.5.2</Version>

Command to run:
./ConfigTool -munge -version 4.7.5.2 -comp igateway -tag "TransportReceiver=HTTP;Connector=defaultport;certPW;" -passwd testpass
Operation Successful!!

Result in igateway.conf file:

<certPW>EgAdHA4=</certPW>

7. The section in question should look like this now (with the appropriate p12 file name and munged password values):

<Connector name="defaultport">
<port>5250</port>
<mustlisten>true</mustlisten>
<conntype/>
<conntimeout>120</conntimeout>
<peektimeout>30</peektimeout>
<maxconnections>1000</maxconnections>
<maxrequestbytes>10000000</maxrequestbytes>
<maxpiperequests>10</maxpiperequests>
<maxAcceptRate/>
<certType>p12</certType>
<certURI>filename.p12</certURI>
<certPW>EgAdHA4=</certPW>
<keyURI/>
<keyPW/>
<secureProtocol/>
<cipherlist/>
</Connector>

8. Save and exit the igateway.conf file.
9. Start the iTechnology service.
./S99igateway start
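
A check to run on the edited file before starting the service, added here as an example (not CA's code and not part of the original article): it parses igateway.conf, catches a mistyped closing tag in the connector section, and confirms that certType, certURI and certPW are set and that the .p12 file is in IGW_LOC. The name `check_connector`, the file-permission check and the assumption that igateway.conf parses as a single XML document are assumptions of this example.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a connector whose closing tags were mistyped as <tag/>.
SAMPLE = """<iGatewayConfig><Version>4.7.5.2</Version>
<Connector name="defaultport"><port>5250</port>
<certType>p12<certType/><certURI>filename.p12<certURI/>
<certPW>EgAdHA4=</certPW></Connector></iGatewayConfig>"""


def check_connector(conf_text, igw_loc, name="defaultport"):
    """Return a list of problems in the named <Connector> section (empty = OK)."""
    try:
        root = ET.fromstring(conf_text)
    except ET.ParseError as exc:
        # A mistyped closing tag such as <certType>p12<certType/> lands here.
        return [f"igateway.conf is not well-formed XML: {exc}"]
    conn = next((c for c in root.iter("Connector") if c.get("name") == name), None)
    if conn is None:
        return [f'no <Connector name="{name}"> section found']
    problems = []
    cert_type = (conn.findtext("certType") or "").strip()
    cert_uri = (conn.findtext("certURI") or "").strip()
    cert_pw = (conn.findtext("certPW") or "").strip()
    if cert_type != "p12":
        problems.append(f"certType is {cert_type!r}, expected 'p12'")
    if not cert_pw:
        problems.append("certPW is empty (step 6, ConfigTool -munge, not done)")
    if not cert_uri:
        problems.append("certURI is empty")
    else:
        path = os.path.join(igw_loc, cert_uri)
        if not os.path.isfile(path):
            problems.append(f"{path} not found in IGW_LOC (step 1)")
        elif os.name == "posix" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            # Added hardening check, not from the article: the .p12 holds the private key.
            problems.append(f"{path} is accessible to group/other")
    return problems


if __name__ == "__main__":
    if len(sys.argv) > 1:  # argument: the IGW_LOC directory
        with open(os.path.join(sys.argv[1], "igateway.conf"), "rb") as fh:
            found = check_connector(fh.read(), sys.argv[1])
    else:  # no argument: run against the constructed sample
        found = check_connector(SAMPLE, ".")
    print("\n".join(found) or "OK")
```

Run it with the IGW_LOC directory as its argument; with no argument it reports on the constructed sample.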