Configuring the secure connection to BMC BladeLogic Server Automation
This topic provides the procedure of configuring the secure connection between BMC Release Process Management and BMC BladeLogic Server Automation
This procedure is required for BMC BladeLogic Server Automation 8.5.01.02, 8.5.01.03 or 8.5.01.04, and optional for other versions.
Note
You can only configure the secure connection to BMC BladeLogic Server Automation for BMC Release Process Management versions 4.6.00.02 and later.
To configure the secure connection, perform all of the following procedures:
- Manually set up the SSL connection by creating a certificate
- Update BMC Application Automation utilities
Setting up the SSL connection manually by creating a certificate
Note
For more information, see Setting up the SSL connection in the Sample Ruby Script for accessing RESTful Web Services topic.
- Stop the BMC Release Process Management service.
- Go to http://indy.fulgan.com/SSL/ and download the latest available 32- or 64-bit version of the openssl for Windows zip file.
- Unpack the zip file to a directory; for example, c:\openssl.
Open a terminal window and go to the openssl or RPM directory.
Windows> cd c:\openssl
UNIX$ cd <RLM HOME>/releases/<version>/RPM
Query the self-signed certificate from the application server using the following command, where bl-appserver is the host name of your BMC BladeLogic Server Automation application server:
Windows> openssl s_client -connect bl-appserver:9843
UNIX$ openssl s_client -connect bl-appserver:9843
Note
SSL information about the application server is displayed, including the self-signed certificate.
Copy the certificate text that is returned, including the text BEGIN CERTIFICATE and END CERTIFICATE.
- Create a file called blappserver.cer in the appropriate path and in the file, store the certificate text you copied.
- Windows — c:\openssl\blappserver.cer
- UNIX — <RLM HOME>/releases/<version>/RPM/blappserver.cer
Convert the blappserver.cer file to a blappserver.pem file.
Windows> openssl x509 -text -in blappserver.cer -out blappserver.pem
UNIX$ openssl x509 -text -in blappserver.cer -out blappserver.pem
Copy or move the blappserver.pem file to the appropriate folder or directory.
Windows — <RLM Home>\releases\<version>\RPM\lib\script_support\blappserver.pem
UNIX — lib/script_support/blappserver.pem
For example:
> copy c:\openssl\blappserver.pem c:Program Files\BMC Software\RLM\releases\4.6.00.01\RPM\lib\script_support\blappserver.pem
$ mv blappserver.pem lib/script_support/blappserver.pem
Updating the BMC Application Automation utilities
Open <RLM HOME>\releases\<version>\RPM\lib\script_support\baa_utilities.rb in a text editor.
At lines 20 and 22 make the following changes:
class << self # change to true for use with BSA 8.5 SP1 Patch 2 (or Patch 3) # also provide correct path to certificate at CERTIFICATE_PATH SECURITY_MODE = false CERTIFICATE_PATH = '/opt/bmc/RLM/cert/blappserver.pem' CIPHERS = 'kEDH+AESGCM'
At line 20, set value to true:
WindowsSECURITY_MODE = true
At line 22, provide a valid path to your environment:
WindowsCERTIFICATE_PEM = 'C:\ Program Files\BMC Software\RLM\releases\4.6.00\RPM\lib\script_support\blappserver.pem'
UNIXCERTIFICATE_PEM = '/opt/bmc/RLM/releases/4.6.00/RPM/lib/script_support/blappserver.pem'
- Start the BMC Release Process Management service.
Comments
Log in or register to comment.