Maximo Open Forum

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

Hey - was just going down this road and only came up with 3 SANs when looking at Core and Manage in https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=management-manual-certificate

*.masdomain
*.manage.masdomain
*.home.masdomain

I was wondering what the other 2 were you used. Did you use a multi-domain wildcard cert?

Thanks,

Andy

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

Hi Eric,

I am in a similar situation, currently implementing MAS with manually managed certificates. Based on your experience, did you proceed with a single multi-domain (SAN) certificate that includes all required SAN entries, or did you purchase separate certificates for each SAN? Additionally, which DNS and SSL provider did you use?

Best regards,
Jean

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

Hi Jean,
Sorry for the late response.  We had to request a special product from goDaddy:

Standard DV UCC/SAN/Wildcard SSL Up to 20 Domains Multiple Domain UCC/SAN/Wildcard SSL

So this is one certificate or as you put it a single multi-domain (SAN) certificate that includes all required SAN entries.

Hope this helps,
Eric

Hi Eric,

I am in a similar situation, currently implementing MAS with manually managed certificates. Based on your experience, did you proceed with a single multi-domain (SAN) certificate that includes all required SAN entries, or did you purchase separate certificates for each SAN? Additionally, which DNS and SSL provider did you use?

Best regards,
Jean

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

Out of curiosity, has anyone gotten it working with Maximo Mobile properly? We did the Wildcard SSL with 10 SANs on it that should cover all the URLs we need, but our stuff is also behind Cloudflare and they have Lets Encrypt certificates on the external endpoints. We cannot get Maximo Mobile to connect from outside the network no matter what we've tried so far.

Hi Jean,
Sorry for the late response.  We had to request a special product from goDaddy:

Standard DV UCC/SAN/Wildcard SSL Up to 20 Domains Multiple Domain UCC/SAN/Wildcard SSL

So this is one certificate or as you put it a single multi-domain (SAN) certificate that includes all required SAN entries.

Hope this helps,
Eric

Hi Eric,

I am in a similar situation, currently implementing MAS with manually managed certificates. Based on your experience, did you proceed with a single multi-domain (SAN) certificate that includes all required SAN entries, or did you purchase separate certificates for each SAN? Additionally, which DNS and SSL provider did you use?

Best regards,
Jean

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.

This sounds odd. It should work. Are you using home.* URL (the one from Core namespace) for your mobile devices? 

Out of curiosity, has anyone gotten it working with Maximo Mobile properly? We did the Wildcard SSL with 10 SANs on it that should cover all the URLs we need, but our stuff is also behind Cloudflare and they have Lets Encrypt certificates on the external endpoints. We cannot get Maximo Mobile to connect from outside the network no matter what we've tried so far.

Hi Jean,
Sorry for the late response.  We had to request a special product from goDaddy:

Standard DV UCC/SAN/Wildcard SSL Up to 20 Domains Multiple Domain UCC/SAN/Wildcard SSL

So this is one certificate or as you put it a single multi-domain (SAN) certificate that includes all required SAN entries.

Hope this helps,
Eric

Hi Eric,

I am in a similar situation, currently implementing MAS with manually managed certificates. Based on your experience, did you proceed with a single multi-domain (SAN) certificate that includes all required SAN entries, or did you purchase separate certificates for each SAN? Additionally, which DNS and SSL provider did you use?

Best regards,
Jean

So figured out the problem with the help of IBM and goDaddy.  Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite.  This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep.  We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).   

BTW each instance of maximo requires 5 SANs if you are using just core and Manage.  If you install other products it is likely even more. 

Cheers!

Eric

Good Afternoon,

Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage.  In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager.  App Suite it's all done within OpenShift and IBM's documentation is confusing.

We currently use a wildcard cert *.domain.com  signed by goDaddy.  I assume that a wildcard cert such as the one we have covers all subdomains

Here is an example of a  MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/   

I've followed Manual certificate management 

To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure.  I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.

Any information would be appreciated.