Installing and Configuring the Blue Medora ITM Agent for Remote SSL Certificates

by bluemedora_editor on February 3, 2010

Welcome back! Now that we have installed the application support for the Blue Medora Agents for Remote SSL Certificates and Ping Probe, let’s see how to install and configure the actual agents on a dedicated machine. Remember, you always have the option of installing these agents on the ITM server if you prefer. Once again, we will cover this in a step-by-step fashion with plenty of screenshots along the way. We will begin with installing and configuring the Blue Medora Agent for Remote SSL Certificates.

— Mike Major

Agent Installation

  • Verify Application Support has been loaded into all the TEMS, TEPS, and TEPD components in your environment that the Remote SSL Certificates monitoring data will flow through.
  • A previously installed IBM ITM agent is required. In our example, ITM Windows Operating System agent v6.2 FP1+ is pre-installed to C:\IBM\ITM.
  • Ensure an IBM JRE 1.5 is installed on the system, a JAVA_HOME is set for that JRE, and that the JRE’s bin directory has been added to the PATH.

From the installation media, select the appropriate installer. Since we will be installing on a Windows platform (Windows Server 2003 in our case), run the setupwin32.exe executable.

Note: Installation on a Linux machine is essentially the same. Just make sure to double-check your install paths.

The first screen appears to tell you that you are about to install the Blue Medora Agent for Remote SSL Certificates. Click Next:

Accept the License Agreement and click Next:

Enter the location of your existing Agent installation (CANDLEHOME) and click Next:

Select “Perform a local install of the solution on this machine” and click Next.

Note: This screen is a bit confusing in that it indicates that it is going to add application support. When installing on a non-TEMS/TEPS/TEPD server, “Perform a local install of the solution on this machine” equates to “Install just the monitoring agent”.

Select “Remote SSL Certificates” and click Next:

This screen summarizes the actions that will be taken by the installer. Click Next:

If all went well, you will get a successful installation message. Click Finish.

Installation is complete. To confirm that the base Remote SSL Certificates Agent has been installed on the system, click the Manage Tivoli Monitoring Services icon. It may be on your desktop, or you may need to navigate to Start –> All Programs –> IBM Tivoli Monitoring folder to find it.

If installation was successful, you will see a Monitoring Agent for Remote SSL Certificates Template as one of the items listed under Service/Application.

Alternate Installation Method: TEP based Remote Deploy

If you’ve previously added the Remote SSL Certificates agent to a TEMS Depot, you can remotely install the agent instead of performing a local installation. To perform a remote installation, navigate to the server node you want to deploy the Agent to (in our case server tw3g10), right-click the node and select “Add Managed System”:

Select the Agent you want to remote deploy. We want to deploy the Remote SSL Certificates agent so select “Monitoring Agent for Remote SSL Certificates” and click OK:

Now, you will be shown the same ITM configuration screen as in the previous section. The only difference here is that you need to specify the instance name.

Agent ITM Configuration: Windows

Next we are going to create an agent instance. Double click on “Monitoring Agent for Remote SSL Certificates” and you will be prompted to enter a unique instance name. This should be a descriptive name that helps you identify the agent instance when viewed in the TEP and elsewhere. Enter your instance name and click OK:

Note: The Blue Medora Agent for Remote SSL Certificates is a multi-instance agent. Many administrators may find it helpful to create separate instances for their SSL certificates and their TLS certificates, or any other logical divide.

The following screen is where the Remote SSL Certificates basic configuration is entered. Enter the information and click Next.

A brief description of each field and the data we entered for our example follows:

| Config Option | Example Value | Description |
|---|---|---|
| Instance Name | Minsc | The name of the Instance as it is seen in the TEP. This should already be filled in with the instance name you chose in the last step. |
| Data Collection Interval | 1 | This is the interval in which the data will be collected. In our lab environment, we’ve elected to use 1 minute. |
| Logging Level | Warn | Logging Level of the Agent. WARN is the default which we’ve selected. Use DEBUG if you are having issues. |

Below is a screenshot of the configuration panel from our example Agent Instance:

The next screen asks for an optional certificate configuration file. This option is very handy when you have a large number of hosts to monitor. We will cover this file in a later section and skip it for now. Click Next:

The next screen is where you enter the hosts whose certificates you want to monitor. Enter the information for these hosts and click OK.

A brief description of each field and the data we entered for our example follows:

| Config Option | Example Value | Description |
|---|---|---|
| Hostname | smtp.gmail.com | The hostname of the host whose certificates you would like to monitor. |
| Port | 587 | The port on which you would like to monitor. |
| Service Type | TLS/SMTP | The security protocol of the certificate used by the host. In the case of TLS, the internet standard protocol must also be specified (e.g. smtp, imap, pop). |
| Alias | gmail | This is an optional descriptive alias for the host. If no alias is entered, a default value of hostname:port will be used (e.g. smtp.gmail.com:587). |

You will be returned to the Manage Tivoli Enterprise Monitoring Services screen. To start the Agent instance, right click the agent instance and select Start.

Agent ITM Configuration: Linux

Let’s create an agent instance on Linux. First, you will need to run the itmcmd command that is located in the CANDLEHOME/bin/ directory (in our case /opt/IBM/ITM/bin/):

./itmcmd config -A {product code}

Where {product code} is the product code for the agent (b4 for the Blue Medora Agent for Remote SSL Certificates).

Now you will be asked to enter a unique instance name. This should be a descriptive name that helps you identify the agent instance when viewed in the TEP and elsewhere. Enter your instance name:

Agent configuration started...
Enter instance name (default is: ): Minsc

You will be asked if you’d like to edit the “Monitoring Agent for Remote SSL Certificates” settings. Choose “1” or just hit enter to use the default:

Edit "Monitoring Agent for Remote SSL Certificates" settings? [ 1=Yes, 2=No ] (default is: 1): 1

Now you will be asked if you’d like to edit the “Basic Configuration” settings. Choose “1” for yes and enter the information.

A brief description of each field and the data we entered for our example follows:

| Config Option | Example Value | Description |
|---|---|---|
| Data Collection Interval | 1 | This is the interval in which the data will be collected. In our lab environment, we’ve elected to use 1 minute. |
| Logging Level | Warn | Logging Level of the Agent. WARN is the default which we’ve selected. Use DEBUG if you are having issues. |

Edit 'Basic Configuration' settings? [ 1=Yes, 2=No ] (default is: 1): 1
Data collection interval (in minutes) (default is: 1440): 1
Logging Level of the agent [ 1=Debug, 2=Info, 3=Warn, 4=Error, 5=Fatal ] (default is: 3): 3

We’re asked if we’d like to edit “Optional Cert Config File” settings. Again, we will cover the optional certificate configuration file below. Choose “2” for no right now:

Edit 'Optional Cert Config File' settings? [ 1=Yes, 2=No ] (default is: 1): 2

We’re asked if we’d like to edit “Remote X.509 Certificates” settings. Choose “1” for yes. We can now add, edit or delete hosts whose certificates we’d like to monitor. Enter all hosts you’d like to monitor.

A brief description of each field and the data we entered for our example follows:

| Config Option | Example Value | Description |
|---|---|---|
| Hostname | smtp.gmail.com | The hostname of the host whose certificates you would like to monitor. |
| Port | 587 | The port on which you would like to monitor. |
| Service Type | TLS/SMTP | The security protocol of the certificate used by the host. In the case of TLS, the internet standard protocol must also be specified (e.g. smtp, imap, pop). |
| Alias | gmail | This is an optional descriptive alias for the host. If no alias is entered, a default value of hostname:port will be used (e.g. smtp.gmail.com:587). |

Edit 'Remote X.509 Certificates' settings? [ 1=Yes, 2=No ] (default is: 1): 1
No 'Remote X.509 Certificates' settings available?
Edit 'Remote X.509 Certificates' settings, [1=Add, 2=Edit, 3=Del, 4=Next, 5=Exit] (default is: 4): 1
Hostname (default is: ): smtp.gmail.com
Port (default is: ): 587
Service Type [ 1=SSL, 2=TLS/SMTP ] (default is: 1): 2
Alias (default is: ): gmail
'Remote X.509 Certificates' settings: Hostname=smtp.gmail.com
Edit 'Remote X.509 Certificates' settings, [1=Add, 2=Edit, 3=Del, 4=Next, 5=Exit] (default is: 4): 5

When asked if this agent will connect to a TEMS, choose “1” for yes and enter the hostname for your ITM server. Then enter your network protocol information:

Will this agent connect to a TEMS? [1=YES, 2=NO] (Default is: 1): 1
TEMS Host Name (Default is: tr4g10): tw3g10
Network Protocol [ip, sna, ip.pipe or ip.spipe] (Default is: ip.pipe):
Now choose the next protocol number from one of these:
- ip
- sna
- ip.spipe
- 0 for none
Network Protocol 2 (Default is: 0):
IP.PIPE Port Number (Default is: 1918):
Enter name of KDC_PARTITION (Default is: null):
Configure connection for a secondary TEMS? [1=YES, 2=NO] (Default is: 2):
Enter Optional Primary Network Name or 0 for "none" (Default is: 0):
Agent configuration completed...

Your configuration is now complete! Start the agent instance by using the following command:

./itmcmd agent -o {instance name} start {product code}

Where {instance name} is the instance name you entered and {product code} is the product code for the instance (e.g. b4 for the Blue Medora Agent for Remote SSL Certificates).

Agent Certificate File Configuration

To configure an agent using the optional certificate configuration file, you first need to enter the host information into a CSV file. An example file is provided with the agent, so you can simply open that and plug away.

Note: You should rename this file. If you update the agent, the default file will be overwritten if it is not renamed.

A brief description of each field and the data we entered for our example follows:

| Config Option | Example Value | Description |
|---|---|---|
| Hostname | smtp.gmail.com | The hostname of the host whose certificates you would like to monitor. |
| Port | 587 | The port on which you would like to monitor. |
| Service Type | TLS/SMTP | The security protocol of the certificate used by the host. In the case of TLS, the internet standard protocol must also be specified (e.g. smtp, imap, pop). In the configuration file, the service type is optional. If it is not specified, SSL will be used by default. |
| Alias | gmail | This is an optional descriptive alias for the host. If no alias is entered, a default value of hostname:port will be used (e.g. smtp.gmail.com:587). |

Below is the file we used in our example:

After completing the configuration file, simply create a new instance by following the steps in the appropriate section above for your platform. When prompted for the configuration file, enter the fully qualified path for the file you just created. You do not have to enter any hosts directly into the ITM configuration (but you may do so if you desire).
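A pre-flight check for the certificate configuration CSV described above, as an added example that is not Blue Medora's code. It assumes one host per line, no header row, and columns in the order of the table (hostname, port, service type, alias); the example file shipped with the agent is the authority on the real layout, and `parse_cert_config` and the sample hosts are hypothetical.

```python
import csv
import io

# Constructed sample. Column order is an assumption taken from the table above.
SAMPLE = """\
smtp.gmail.com,587,TLS/SMTP,gmail
www.example.com,443
mail.example.com,993,TLS
www.example.com,443,SSL,dup
intranet.example.com,https
"""

def parse_cert_config(text):
    """Return (entries, errors); errors are (line number, message) pairs."""
    entries, errors, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        row = [field.strip() for field in row]
        if not any(row):
            continue  # blank line
        if len(row) > 4:
            errors.append((lineno, "more than four fields"))
            continue
        host, port, service, alias = row + [""] * (4 - len(row))
        if not host:
            errors.append((lineno, "missing hostname"))
            continue
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            errors.append((lineno, f"invalid port {port!r}"))
            continue
        service = service.upper() or "SSL"  # page: SSL is used when omitted
        if service != "SSL" and not (service.startswith("TLS/") and service[4:]):
            errors.append((lineno, f"service type {service!r} needs SSL or TLS/<protocol>"))
            continue
        key = (host.lower(), int(port))
        if key in seen:
            errors.append((lineno, f"duplicate target {host}:{port}"))
            continue
        seen.add(key)
        entries.append({"host": host, "port": int(port), "service": service,
                        "alias": alias or f"{host}:{port}"})  # page: default alias
    return entries, errors

if __name__ == "__main__":
    ok, bad = parse_cert_config(SAMPLE)
    for entry in ok:
        print("OK  ", entry)
    for lineno, message in bad:
        print(f"line {lineno}: {message}")
```

Running it against the file before creating the instance catches entries that would otherwise leave a certificate unmonitored, such as a TLS service type with no protocol or a non-numeric port.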

Conclusion

Congratulations! You’ve successfully installed the Blue Medora Agent for Remote SSL Certificates. In the next blog post, we will use the agent to solve real problems that often come up in an enterprise.

If you have any questions regarding this post, the Remote SSL Certificates Agent or anything else related to Blue Medora ITM Agents, feel free to drop me a line directly at: mike.major@bluemedora.com
