When Tivoli Netcool/OMNIbus is
set up for SSL communication, the ObjectServer and process agent present
their server certificates to the Netcool/OMNIbus Administrator client,
on request, to establish a connection.
About this task
If a mismatch is detected between the common name defined
in the server certificate and the server name that the Netcool/OMNIbus Administrator
client uses to identify and connect to the server, a Certificate
Validation window opens so that you can choose whether
to accept or reject the server certificate. Connections will not be
established if the certificate is invalid.
The Certificate
Validation window provides a reason for the validation
request and presents a number of options. Complete the window as follows:
Procedure
- Select one of the options to accept
or reject the certificate:
- Accept this certificate permanently:
Select this option to permanently accept this certificate as valid.
You will no longer be prompted to accept this certificate during the
current or subsequent Netcool/OMNIbus Administrator sessions.
Important: Before you accept the certificate, click Examine
Certificate to review the contents of the certificate
within the Certificate Details window. After
careful examination, click OK to return to
the Certificate Validation window.
- Accept this certificate temporarily for this session:
Select this option to accept the certificate for the current session
only, after examining the certificate by using the Examine
Certificate button. No more validation prompts will be
generated for the duration of the session.
- Do not accept this certificate: Select
this option to reject the certificate and cancel the connection between
the server and client.
- Click OK to continue with the connection
process. Click Cancel (or the Close button
in the title bar) to reject the certificate irrespective of the option
that you selected in step 1.
Results
If you chose to accept the certificate permanently, the common
name and public key from the certificate are recorded in the following
file:
userdir/.netcool/nco_config_settings/user_allowed_certs.properties
In
this file path, userdir represents your home directory.
The user_allowed_certs.properties file
is a system file and is not intended for modification by users. On
subsequent connection attempts, this file is read and used to identify
any common names that were previously accepted.
You can clear
the contents of the properties file by specifying the following command-line
argument:
mode.clear.certs "true"