Enabling HTTPS support for the BMC Atrium Orchestrator connection

To secure the communication of data between BMC Server Automation and BMC Atrium Orchestrator, you must enable an HTTPS connection on both products as instructed in the following procedures.

To enable HTTPS support on BMC Atrium Orchestrator

1. On the system where the BMC Atrium Orchestrator CDP is installed, create the keystore file by entering a command such as the following example:

   keytool -genkey -alias w2k3-sp-vm5 -dname "cn=w2k3-sp-vm5" -keyalg RSA 
   -keystore C:\.keystore -storepass changeit

   
   The value entered for the -dname option must match the host name where the BMC Atrium Orchestrator CDP is installed. In this example, the value is w2k3-sp-vm5.

2. Enable HTTPS on an Apache Tomcat server by completing the following steps:
   1. Open the server.xml file.

   2. Uncomment the following block of configuration information and add two attributes as follows:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS"
      keystoreFile="C:\.keystore" truststoreFile=
      "C:\Program Files\Java\jdk1.5.0_13\jre\lib\security\cacerts" />

      The keystoreFile attribute to point to the location where the keystore file resides.
      The truststoreFile attribute to point to the CA-issued certs in the JDK installation location.

3. Restart the BMC Atrium Orchestrator CDP.

To enable HTTPS support for BMC Atrium Orchestrator on BMC Server Automation

1. If BMC Atrium Orchestrator is installed on a different computer, copy the C:\.keystore file from the BMC Atrium Orchestrator CDP system to the system where the BMC Server Automation application server is installed.

2. On the system where the BMC Server Automation application server is installed, export the public certificate from the keystore file generated for BMC Atrium Orchestrator to a temporary file by entering a command such as the following example:

   keytool -export -alias w2k3-sp-vm5 -file C:\cert.csr
   -keystore C:\.keystore -storepass changeit
   

   In the command shown above, note the following:

   • <file> is the name and location of the certificate file that will be created from this command.
   • <keystore> is the keystore file name and location that you created for BMC Atrium Orchestrator.
   • <alias> is the name used to distinguish certificates.

3. Add the public certificate from the temporary file to the trusted certificate file by entering a command such as the following example:

   keytool -import -alias w2k3-sp-vm5 -file C:\cert.csr
   -keystore "<keystorePath>" -storepass changeit

   where <keystorePath>is one of the following, depending on operating system:

   • (Linux) — For a Linux Application Server use <installationDirectory>/NSH/br/java/lib/security/cacerts (for example /opt/bmc/bladelogic/NSH/br/java/lib/security/cacerts) to install certificates.
   • (Windows) — For a Windows Application Server, refer to the path shown in the registry value for SOFTWARE>BladeLogic> Operations Manager >Application Server>-Djava.home. Within this path, look for the lib/security/cacerts directory. This is the directory into which you install the certificates.

4. To check if the certificate is added to the cacerts file, enter the following command:

   keytool -list -keystore <keystorePath>

5. Restart the BMC Server Automation Application Server.