A new SSL Certificate must be created and set as Default, then LDAP must be set to use the new SSL Certificate.
To create the new default SSL certificate and set it as default
- Connect to and log in to the SSIM via an SSH client such as PuTTY or at the console.
- Switch users to root and obtain root's environment with the command su - and enter the password when prompted.
- Confirm whether the hostname is the short name or FQDN with the command hostname
- Stop all services by navigating to the /opt/Symantec/simserver/bin directory and running the command ./stopservices.sh --all
- Run the command below for your version of SSIM, making sure to replace <hostname> with the results from the command in step 3.
SSIM 4.5
gsk7cmd -cert -create -db /etc/symantec/ses/key.kdb -pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` -label SESA1 -dn cn=<hostname> -size 1024 -default_cert yes -expire 7300
SSIM 4.6 and 4.7
gsk7cmd.ssim -cert -create -db /etc/symantec/ses/key.kdb -pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` -label SESA1 -dn cn=<hostname> -size 1024 -default_cert yes -expire 7300
Note: In the gsk7cmd command, the characters around `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` are backticks, typed with the key above Tab and to the left of the number 1. They are not single quotes. The options all begin with a plain hyphen (-); if the command is copied from a formatted page, retype any long dashes as hyphens.
Modify the ibmslapd.conf file so that LDAP uses the new default SSL Certificate
- Edit the ibmslapd.conf file with the command vi /dbsesa/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf
- Jump to the line to be edited by typing /ibm-slapdSslCertificate and press Enter.
- Press I to enter Insert mode.
- Use the arrow keys on the keyboard to move the cursor and change the entry to say SESA1
- Press Esc to exit Insert mode.
- Press :wq to save your changes and exit vi.
- Start all services by navigating to the /opt/Symantec/simserver/bin directory and running the command ./startservices.sh --all
If you want to confirm the default SSL certificate is the one you created, use the command below
gsk7capicmd -cert -getdefault -db /etc/symantec/ses/key.kdb -pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth`
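The ibmslapd.conf edit described above can also be made without vi. The script below is an added example, not Symantec code: it backs up the file, changes the certificate label, and re-reads the file to confirm the change. It assumes the setting is stored as a single line of the form "ibm-slapdSslCertificate: <label>"; the function names and the .bak backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example, not Symantec code. Assumption: the setting is stored as a
# single line "ibm-slapdSslCertificate: <label>" in ibmslapd.conf.
ATTR='ibm-slapdSslCertificate'

# Print the configured label; fail unless exactly one line defines it.
get_ssl_label() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    count=$(grep -c "^$ATTR:" "$1" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 $ATTR line, found $count" >&2; return 1; }
    sed -n "s/^$ATTR:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//'
}

# Point the attribute at a new label, keeping a backup, then re-read to verify.
set_ssl_label() {
    conf=$1 label=$2
    current=$(get_ssl_label "$conf") || return 1
    [ "$current" = "$label" ] && return 0          # nothing to change
    cp -p "$conf" "$conf.bak" || return 1          # backup before editing
    tmp=$(mktemp) || return 1
    awk -v a="$ATTR" -v l="$label" \
        'index($0, a ":") == 1 { print a ": " l; next } { print }' "$conf" > "$tmp" || return 1
    cat "$tmp" > "$conf" && rm -f "$tmp"           # keeps owner and mode of conf
    [ "$(get_ssl_label "$conf")" = "$label" ]
}

# Constructed sample file standing in for ibmslapd.conf; prints the label after the edit.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' "$ATTR: OLDLABEL" 'otherSetting: unchanged' > "$f"
    set_ssl_label "$f" SESA1 && get_ssl_label "$f"
    rm -f "$f" "$f.bak"
}
```

On the SSIM, with services still stopped, the call would be set_ssl_label /dbsesa/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf SESA1. The script refuses to edit a file in which the attribute is missing or appears more than once.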