Creating a self-signed client-side certificate on the Application Server (Windows)

Use this procedure to create a file called id.pem, which contains the self-signed certificate for the Application Server and the private key associated with the certificate. Then add the passphrase used to encrypt the private key to the securecert file on the Application Server.

To create a self-signed client-side certificate on the Application Server

  1. Log into a Windows Application Server as Administrator.
  2. Create a directory called C:\<WINDIR>\rsc\certs\SYSTEM
    In the path shown above, <WINDIR> is typically windows
  3. Using a command line, generate a self-signed Application Server certificate by entering the following: 
    bl_gen_ssl -appcert 
    After you enter the command, you are prompted to provide and then confirm a passphrase. This passphrase is used to encrypt the private key in the id.pem file. The id.pem file is created in the C:\<WINDIR>\rsc\certs\SYSTEM directory. 
  4. Update the securecert file to include an encoded copy of the passphrase. To accomplish this, use the command line to enter the following: 
    secadmin -m default -cu SYSTEM -cp <passPhrase> 
    After issuing this command, the contents of the securecert file are updated to appear similar to the following. The encoded passphrase varies.


    For the initial installation of BMC Server Automation, you can find the securecert file in the C:\<WINDIR>\rsc directory. If additional instances of BMC Server Automation are installed, you can find securecert in <installDirectoryN>\NSH\conf\securecert. For example, the default location for the second instance of BMC Server Automation would be C:\Program Files\BMC Software\BladeLogic2\NSH.

Was this page helpful? Yes No Submitting... Thank you