Generating a self-signed certificate for an Application Server
Performing this procedure generates a 2048-bit RSA key and a self-signed certificate for an Application Server. The certificate is valid for three years, and it is stored under the "blade" alias.
To generate a self-signed certificate for an Application Server
blmkcert CN= <hostname> <jksFileName> <password>
The command shown above has the following parameters:
<hostname>— Typically set to the host name where you are generating the certificate.
<jksFileName>— The full path to the keystore file that you are generating. This file should be stored in the /deployments directory for the Application Server that is being updated, such as <installDirectory>/br/deployments.
<password>— A password used to encrypt the generated keystore file.
For example, if you are generating a self-signed certificate on a Windows server called winappserver1, you might enter a command similar to the following:
blmkcert CN=winappserver1 "C:\Program Files\BMC Software\BladeLogic\NSH\br\deployments\bladelogic.keystore" ********
If you are replacing an existing certificate, typically after the existing certificate has expired, this command overwrites the existing bladelogic.keystore file on the Application Server. From <installDirectory>/bin, enter the following command:
- If you are replacing an existing certificate, typically after the existing certificate has expired, perform the following additional steps:
- Stop the Application Server.
Run the following commands if the file name or password are different from those used when the Application Server was installed:
blasadmin -a set appserver certstore bladelogic.keystore blasadmin -a set appserver certpasswd <keystorePassword>
- Remove the existing certificate at each of the RCP clients that are associated with the Application Server.
- Start the Application Server.
- The first time that you connect to each of these RCP clients, you are informed that a new certificate has arrived from the Application Server. Accept the new certificate.
- If you are using a multi-Application Server environment, copy the JKS file you generated in step 1 from this Application Server to all cooperating Application Servers. If a new password is needed, update the password for each cooperating Application Server. For information about this process, see Synchronizing keystore files of multiple Application Servers.