Skip to Main Content
Return to Navigation

Setting Up SSL

This section discusses how to:

Setting Up SSL Between Agents and Performance Monitor

This configuration encrypts data that is sent from the agents to the Performance Monitor.

To set up SSL between agents and Performance Monitor:

  1. Install a digital root certificate on the web server.

    A digital root certificate from a trusted certificate authority (CA) must be installed on the web server that is hosting the monitor URL.

    Note: If the root certificate that is installed on your monitoring web server is from a nonstandard CA, then a copy of that certificate must be installed in the application server key store for the monitored databases. The agents load this certificate when they start.

  2. Specify https for the Monitor URL.

    • Select select PeopleTools, then select Performance Monitor, then select Administration, then select Specify Monitor.

    • Enter the URL that is specified for the Monitor URL beginning with https.

Setting Up SSL Between Performance Monitor and PSPPMSRV and Monitor Cluster Members

This configuration encrypts the PPMI user ID and password when it is passed to the monitor and communication between monitor cluster members. Performance data that is published by the monitor is not encrypted.

To set up SSL between Performance Monitor and PSPPMSRV and between cluster members:

  1. Install a digital root certificate on the web server.

    A digital root certificate from a trusted CA must be installed on the web server that is hosting the monitor URL.

  2. Specify HTTPS for the PPMI URL.

    • Select PeopleTools, Performance Monitor, Administration, Global Administration.

    • Enter the URL that is specified for the PPMI URL beginning with https. If you elect to use PSPPMSRV as the PPMI client, only the communication from the PSPPMSRV to the PPMI servlet is encoded.

  3. Specify HTTPS for the member servlet URLs in the Global Administration page.

Note: If the root certificate that is installed on your monitoring web server is from a nonstandard CA, then a copy of that certificate must be installed in the application server key stores for the monitoring databases.