Authenticating with a Grid Client Certificate to the Grid Management Pages

As an example of connecting with a grid client certificate, we will describe how to use this method when accessing the HTML-based Grid Management Pages over HTTPS. This is particularly useful when grid-admin access is needed and there are no users with the grid-admin role set up via the role mappings page.

For more information about the HTML-based Grid Management Pages, see the Infor ION Grid Administration Guide.

  1. Create a grid client keypair and certificate with the grid-admin role, by using the console command create=clientcert. Use the options –role grid-admin and –keystoretype=pkcs12, along with the other required and desired options. For complete syntax, see Console tool guide.

    A keystore with the extension .p12 will be created in the client keystore directory. Remember the password entered to generate the keystore.

  2. Import the generated client keystore into the appropriate location. This will differ depending on the system and browser you are using. For Windows and Microsoft Edge or Chrome, do the following:
    1. Double-click the .p12 keystore to open the Certificate Import Wizard.
    2. When asked to enter the password for the private key, enter the password given in step 1.
  3. Configure a grid router for HTTPS with client authentication:
    1. In the Configuration Manager, select Communication > Routers and then select the router to configure.
    2. In the HTTPS configuration area, make sure that the Port field has a value.
    3. In the HTTPS configuration area, make sure that the HTTPS Authentication Type is set to either "Clients may authenticate with certificate" or "Clients must authenticate with certificate."
    4. If the configuration was changed, restart the router.
  4. With the appropriate browser, navigate to the following URL: https://server:port/grid/ui

    where server is the name of the server hosting the grid router configured in step 2, and port is the HTTPS port for that router. A grid session will be created, based on the information in the client certificate.