Importing certificates into BMC Atrium Orchestrator Platform components after upgrades
The imports described on this page are only needed if the certificates being used are not issued by a certificate authority that is already trusted.
Importing Remedy Single Sign-On certificate files to the repository truststore
After upgrading the BMC Atrium Orchestrator platform repository, you need to add the Remedy Single Sign-On certificates to the repository truststore (Located at %REPO_HOME%/jvm/lib/security/cacerts).
Before you perform the following steps, ensure that you copy the certificates from Remedy Single Sign-On, and place them in your environment. Whether to import root, intermediate, and host certificates varies based upon the provider.
For details about working setting up security with Remedy Single Sign-On, see Remedy SSO Security planning.
To import the certificates
Run the following command to import the root certificate.
%REPO_HOME%/jvm/bin>keytool -importcert -alias myrootcertificate-certificate-provider -trustcacerts -file %root_certificate_location%/root-certificate -keystore %trust_store_location%/truststoreRun the following command to import the intermediate certificate.
%REPO_HOME%/jvm/bin>keytool -importcert -alias myintermdiate-certificate-provider -trustcacerts -file %intermediate_certificate_location%/intermediate-certificate -keystore %trust_store_location%/truststoreRun the following command to add or import the host certificate.
%REPO_HOME%/jvm/bin>keytool -importcert -alias myhostcertificate-certificate-provider -trustcacerts -file %host_certificate_location%/host-certificate -keystore %trust_store_location%/truststore
Importing repository certificate files after upgrading CDP
After you upgrade the CDP, the root certificate gets copied from the repository cacerts file to the jssecacerts file (located at %CDP_HOME%/jvm/lib/security/jssecacerts).
To verify that entry in the jssecacerts file is created, run the following command.
%CDP_HOME%/jvm/bin>keytool -list -v keystore ../lib/security/jssecacerts > %outputfile_location%/test.txt- When you open the test.txt file an entry for root certificate in the jssecacerts file is visible.
You can manually import intermediate certificate into the jssecacerts file using the same command, as described in Adding certificate files while upgrading the repository.
Importing certificate files after upgrading other peers
The HTTPS certificate for each of the servers listed needs to be copied to the trust store (cacerts and jssecacerts) of each of the paired clients. The following table lists the BMC Atrium Orchestrator client/server communication relationships for each type of component.
Client relationships
Client | Server |
---|---|
CDP | Repository, HA-CDP (in a high-availability environment), CDP (for Orca and Legacy web services) |
HA-CDP | Repository, CDP |
Repository | Repository |
AP | CDP, AP (for Legacy web services) |
LAP | CDP |
BMC Atrium Orchestrator Development Studio | Repository, CDP |
BMC Atrium Orchestrator Operator Control Panel | CDP |