Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Importing certificates into BMC Atrium Orchestrator Platform components after upgrade

The imports described on this page are needed only if the certificates being used are not issued by a certificate authority that is already trusted.

 

Note

These instructions are intended for use with upgrades from 7.6.03, in which Atrium SSO was not used.

If you run into problems during the BMC Atrium Single Sign-On upgrade (for example, if you see a message that agent registration failed), see Troubleshooting BMC Atrium Single Sign-On problems.

If you are converting your environment from HTTP to HTTPS, complete the procedures in Configuring BMC Atrium Orchestrator to use HTTPS before performing the procedures on this page.



Importing BMC Atrium Single Sign-On certificate files to the repository truststore

After upgrading the BMC Atrium Orchestrator platform repository from 7.6.x to 7.7.02, you need to add the BMC Atrium Single Sign-On certificates to the repository truststore (located at %REPO_HOME%/jvm/lib/security/cacerts).

Before you perform the following steps, copy the certificates from BMC Atrium Single Sign-On and place them in your environment. Whether you need to import the root, intermediate, and host certificates depends on the provider.

Note

If the BMC Atrium Single Sign-On server is using a certificate issued by a certificate authority (CA) that is already represented in the repository cacerts file, then you need not import the root and intermediate certificates.

To import the certificates

  1. Run the following command to import the root certificate.

    %REPO_HOME%/jvm/bin>keytool -importcert -alias myrootcertificate-certificate-provider -trustcacerts -file %root_certificate_location%/root-certificate -keystore %trust_store_location%/truststore

  2. Run the following command to import the intermediate certificate.

    %REPO_HOME%/jvm/bin>keytool -importcert -alias myintermediate-certificate-provider -trustcacerts -file %intermediate_certificate_location%/intermediate-certificate -keystore %trust_store_location%/truststore

  3. Run the following command to add or import the host certificate.

    %REPO_HOME%/jvm/bin>keytool -importcert -alias myhostcertificate-certificate-provider -trustcacerts -file %host_certificate_location%/host-certificate -keystore %trust_store_location%/truststore

    Note

    If you have different certificates for individual host components such as BMC Atrium Single Sign-On or the repository, then you need to add the host certificate to the truststore file.

Importing repository certificate files after upgrading CDP

After you upgrade the CDP from 7.6.x to 7.7.02, the root certificate is copied from the repository cacerts file to the jssecacerts file (located at %CDP_HOME%/jvm/lib/security/jssecacerts).

  1. To verify that the entry in the jssecacerts file was created, run the following command.

    %CDP_HOME%/jvm/bin>keytool -list -v -keystore ../lib/security/jssecacerts > %outputfile_location%/test.txt

  2. Open the test.txt file and confirm that it contains an entry for the root certificate in the jssecacerts file.
    You can manually import the intermediate certificate into the jssecacerts file by using the same command as described in Adding certificate files while upgrading the repository.
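An added example (not from BMC's documentation) that automates the test.txt check above: it parses `keytool -list -v` output and confirms that each expected alias is present as a trusted certificate entry whose fingerprint matches the one you obtained out of band from the certificate's owner. The sample listing, the fingerprints, and the function names `parse_listing` and `check_truststore` are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v` output, as test.txt would hold it.
# Aliases follow the import commands on this page; subjects and fingerprints are made up.
SAMPLE_LISTING = """\
Your keystore contains 2 entries

Alias name: myrootcertificate-certificate-provider
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example Corp
Certificate fingerprints:
\t SHA1: AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD

*******************************************

Alias name: myhostcertificate-certificate-provider
Entry type: trustedCertEntry
Owner: CN=sso.example.com, O=Example Corp
Certificate fingerprints:
\t SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
"""

def parse_listing(text):
    """Map each alias to its entry type and certificate fingerprints."""
    entries, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "Alias name":
            # JKS aliases are case-insensitive, so normalise to lower case.
            current = entries[value.lower()] = {"type": None, "fingerprints": set()}
        elif current is not None and key == "Entry type":
            current["type"] = value
        elif current is not None and re.fullmatch(r"MD5|SHA-?1|SHA-?256", key):
            current["fingerprints"].add(value.replace(":", "").upper())
    return entries

def check_truststore(listing, expected):
    """expected maps alias -> fingerprint obtained out of band; returns problems."""
    entries, problems = parse_listing(listing), []
    for alias, fingerprint in expected.items():
        entry = entries.get(alias.lower())
        if entry is None:
            problems.append(f"{alias}: not in truststore")
        elif entry["type"] != "trustedCertEntry":
            problems.append(f"{alias}: entry type is {entry['type']}")
        elif fingerprint.replace(":", "").upper() not in entry["fingerprints"]:
            problems.append(f"{alias}: fingerprint mismatch")
    return problems
```

Pass the contents of test.txt as `listing`; an empty list means every expected certificate is present and matches.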

Importing certificate files after upgrading other peers

The HTTPS certificate for each of the servers listed needs to be copied to the trust store (cacerts and jssecacerts) of each of the paired clients. The following table lists the BMC Atrium Orchestrator client/server communication relationships for each type of component.

Client relationships

| Client | Server |
|---|---|
| CDP | Repository, HA-CDP (in a high-availability environment), CDP (for Orca and Legacy web services) |
| HA-CDP | Repository, CDP |
| Repository | Repository. Note: In environments that have multiple repositories, each repository needs to import the certificate of the repository with which it will communicate. |
| AP | CDP, AP (for Legacy web services) |
| LAP | CDP |
| BMC Atrium Orchestrator Development Studio | Repository, CDP |
| BMC Atrium Orchestrator Operator Control Panel | CDP |
| CDP, AP | Graphing Server |
| BMC Atrium Orchestrator Dashboard | CDP |