Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Configuring the secure connection to BMC BladeLogic Server Automation

This topic provides the procedure of configuring the secure connection between BMC Release Process Management and BMC BladeLogic Server Automation

This procedure is required for BMC BladeLogic Server Automation 8.5.01.02, 8.5.01.03 or 8.5.01.04, and optional for other versions. 

Note

You can only configure the secure connection to BMC BladeLogic Server Automation for BMC Release Process Management versions 4.6.00.02 and later.

To configure the secure connection, perform all of the following procedures:

  1. Manually set up the SSL connection by creating a certificate
  2. Update BMC Application Automation utilities

Setting up the SSL connection manually by creating a certificate 

Note

For more information, see Setting up the SSL connection in the Sample Ruby Script for accessing RESTful Web Services topic.

  1. Stop the BMC Release Process Management service.
  2. Go to http://indy.fulgan.com/SSL/ and download the latest available 32- or 64-bit version of the openssl for Windows zip file. 
  3. Unpack the zip file to a directory; for example, c:\openssl.

  4. Open a terminal window and go to the openssl or RPM directory.

    Windows
    > cd c:\openssl
    UNIX
    $ cd <RLM HOME>/releases/<version>/RPM

  5. Query the self-signed certificate from the application server using the following command, where bl-appserver is the host name of your BMC BladeLogic Server Automation application server:

    Windows
    > openssl s_client -connect bl-appserver:9843
    UNIX
    $ openssl s_client -connect bl-appserver:9843

    Note

    SSL information about the application server is displayed, including the self-signed certificate.

  6. Copy the certificate text that is returned, including the text BEGIN CERTIFICATE and END CERTIFICATE.

    Click here to view sample SSL output.

    sslcert.PNG

  7. Create a file called blappserver.cer in the appropriate path and in the file, store the certificate text you copied.
    • Windows — c:\openssl\blappserver.cer
    • UNIX — <RLM HOME>/releases/<version>/RPM/blappserver.cer

  8. Convert the blappserver.cer file to a blappserver.pem file.

    Windows
    > openssl x509 -text -in blappserver.cer -out blappserver.pem
    UNIX
    $ openssl x509 -text -in blappserver.cer -out blappserver.pem
  9. Copy or move the blappserver.pem file to the appropriate folder or directory.

    • Windows — <RLM Home>\releases\<version>\RPM\lib\script_support\blappserver.pem
    • UNIX — lib/script_support/blappserver.pem

For example:

Windows
> copy c:\openssl\blappserver.pem c:Program Files\BMC Software\RLM\releases\4.6.00.01\RPM\lib\script_support\blappserver.pem
UNIX
$ mv blappserver.pem lib/script_support/blappserver.pem

Updating the BMC Application Automation utilities 

  1. Open <RLM HOME>\releases\<version>\RPM\lib\script_support\baa_utilities.rb in a text editor.

  2. At lines 20 and 22 make the following changes:

    class << self
     
    # change to true for use with BSA 8.5 SP1 Patch 2 (or Patch 3)
        # also provide correct path to certificate at CERTIFICATE_PATH
       SECURITY_MODE = false

       CERTIFICATE_PATH = '/opt/bmc/RLM/cert/blappserver.pem'
       CIPHERS = 'kEDH+AESGCM'

  3. At line 20, set value to true:

    Windows
        SECURITY_MODE = true

  4. At line 22, provide a valid path to your environment:

    Windows
    CERTIFICATE_PEM = 'C:\ Program Files\BMC Software\RLM\releases\4.6.00\RPM\lib\script_support\blappserver.pem'
    UNIX
    CERTIFICATE_PEM = '/opt/bmc/RLM/releases/4.6.00/RPM/lib/script_support/blappserver.pem'
  5. Start the BMC Release Process Management service.

Related topics

Known and corrected issues

BMC-BladeLogic-Server-Automation-8-1-x

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*