To administrate and monitor the ICM from a browser, you need an administration user. You can create this user with the program icmon. Proceed as follows.
You can do the same in the Web Dispatcher with the program wdispmon. This is however usually not necessary because when the Dispatcher is started with bootstrap option an administration user is automatically created.
As user <sid>adm go to the directory where the executables are kept and call up icmon -a pf=<instance profile>.
The following appears:
Maintain authentication file
File name (icmauth.txt):
If you are happy with the default file name, press the enter key, otherwise enter a different file name or path.
In the next menu choose a (add user to set).
Enter the user name, then the password twice, the group name, the subject of the X.509 certificate (wildcards allowed, and it can be left empty).
Subject value of client cert:CN=Muster,*
New entry locally created
The user created is in group admin, the user is therefore an administration user without administration authorization. In particular this user can create further users in the Web admin interface.
If you select another group name other than admin, create a monitoring user that can monitor, but not administrate, the ICM/Web Dispatcher.
If you want a user to be able to log on only with the X.509 client certificate, you can enter an x as the password (with queries), which makes the following entry (in the example) in file:
Choose s (save changes of set to file), to copy your changes from the local buffer to the authorization file.
Choose q, to quit the program.
You can display the users in the menu by choosing l (list users of set), though you will only see the users in the local buffer. To view the users copied to the file, look in the file or call up icmon ‑a again.
You have created a user with which you can use the Web administration interface.