Steps:
Create cert (Venafi-provided CSR)
Common name - corba-spectrum
Nickname - <your choice>
All FQDNs and hostnames as SANs in the certificate
Download as PKCS12 with private key (supply password)
View contents with openssl pkcs12 -info -in <server>.pfx -nodes
Create cert0 cert1 cert2 key files based on the above output (cert0 server cert, last cert root)
ENSURE the /spectrum/custom/VBNS/identities/corba-spectrum directory (or whatever the directory created in identities/ is named) is created on all SERVERs
The password is needed in tomcat/webapps/spectrum/META-INF/context.xml, /spectrum/.jcorbarc and .corbarc
>>>> Copy .jcorbarc .corbarc .jcorbrc & .corbrc (make backups)
copy cert0 cert1 cert2 & key to /spectrum/custom/VBNS/identities/corba-spectrum on all servers (OC and SS)
Copy cert2 (the root cert) to SPECROOT\custom\VBNS\trustpoints on all the SpectroSERVERs and OneClick servers.
scp /spectrum/custom/VBNS/identities/corba-spectrum/cert2 <server>:/spectrum/custom/VBNS/trustpoints
OneClick Server:
In the SPECROOT\tomcat\webapps\spectrum\META-INF\context.xml file, perform the following configurations:
Update the vbroker.security.wallet.identity value as corba-spectrum.
Update the vbroker.security.wallet.password property.
SpectroSERVER: In the .corbrc, .corbarc, .jcorbarc, and .jcorbrc files located at SPECROOT, perform the following configurations:
Update the vbroker.security.wallet.identity value as corba-spectrum.
Update the vbroker.security.wallet.password property.
Use Secure CORBA (TLS) for Spectrum Communication
Set this to Yes in the Spectrum Communication web page
Restart the OneClick console for which the cert was generated
Restart MLS
Confirm port 1401x now used between
Check the OneClick GUI to confirm MLS is “Normal” in the OneClick just updated
Stop processd and start processd on the remaining SpectroSERVERs
Start SpectroSERVERS
Stop processd and start processd in OneClick servers.
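
Added example (not part of the original notes or any vendor tooling): a shell helper for the step above that creates the cert0, cert1, cert2 and key files from the openssl pkcs12 -info output. It handles a chain of any length and checks by subject/issuer name that cert0 comes first and the last cert is the self-signed root. The function names, exit codes and the placeholder sample dump are assumptions made for this example.

```shell
# Added example, not vendor code. Feed it the text printed by
#   openssl pkcs12 -info -in <server>.pfx -nodes | split_pkcs12_dump <identity dir>
# Writes cert0..certN and key in bundle order. Returns 2 = key or cert missing,
# 3 = chain out of order, 4 = last cert not self-signed (names only, no signature check).
split_pkcs12_dump() {
    mkdir -p "$1" || return 1
    (
        umask 077   # -nodes prints the key unencrypted; keep new files owner-only
        awk -v dir="$1" '
            BEGIN { n = 0 }
            /^subject=/ { subj = substr($0, 9) }
            /^issuer=/  { iss  = substr($0, 8) }
            /^-----BEGIN CERTIFICATE-----/   { out = dir "/cert" n; S[n] = subj; I[n] = iss; n++ }
            /^-----BEGIN .*PRIVATE KEY-----/ { out = dir "/key"; havekey = 1 }
            out != ""    { print > out }
            /^-----END / { if (out != "") close(out); out = "" }
            END {
                if (!havekey || n == 0) exit 2
                for (i = 0; i < n - 1; i++) if (I[i] != S[i + 1]) exit 3
                if (S[n - 1] != I[n - 1]) exit 4
                print n   # number of certificate files written
            }'
    )
}

# Constructed sample of the dump layout (placeholder bodies, not real certificates or keys).
sample_dump() {
    cat <<'EOF'
subject=CN = corba-spectrum
issuer=CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-LEAF
-----END CERTIFICATE-----
subject=CN = Example Issuing CA
issuer=CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-INTERMEDIATE
-----END CERTIFICATE-----
subject=CN = Example Root CA
issuer=CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-ROOT
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-KEY
-----END PRIVATE KEY-----
EOF
}
```

A non-zero return means the bundle did not list the chain as server cert first and root last, so the files need to be reordered by hand before they are copied to the servers.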