Unsupported content

   

This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Enabling secure communication with BMC Atrium Orchestrator

To secure the communication of data between BMC Server Automation and BMC Atrium Orchestrator, you must enable an HTTPS connection on both products as instructed in the following procedures.


Note

This optional task is also relevant when setting up a connection to BMC Atrium Orchestrator for the creation of Workflow Jobs through the BMC Server Automation Console. For more information, see Creating and modifying Workflow Jobs.

The keytool command used in the following procedures is a key and certificate management utility that is provided with the Java Runtime Environment (JRE). It is typically located in the Java (JRE) bin directory. To use keytool commands on Windows platforms, you must run the commands with elevated rights or administrator rights.

  The required steps vary, based on the decisions that you made regarding the BMC Atrium Orchestrator version during its installation. Use the following approach for your BMC Atrium Orchestrator setup:

Enabling HTTPS support on BMC Atrium Orchestrator


  1. On the system where the BMC Atrium Orchestrator CDP is installed, create the keystore file by entering a command such as the following example:

    keytool -genkey -alias w2k3-sp-vm5 -dname "cn=w2k3-sp-vm5" -keyalg RSA 
    -keystore C:<BAOtomcatServerDirectory>\conf\.keystore -storepass changeit


    The value entered for the -dname option must match the host name where the BMC Atrium Orchestrator CDP is installed. In this example, the value is w2k3-sp-vm5.
    If you are using a UNIX/Linux system, the default keystore file location is $<BAOinstallationDirectory>/cdp/tomcat/conf/.keystore.

  2. Enable HTTPS on an Apache Tomcat server by completing the following steps:
    1. Open the server.xml file.
    2. Uncomment the following block of configuration information and add the keystoreFile and truststoreFile attributes as follows:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS"
      keystoreFile="C:<BAOtomcatServerDirectory>\conf\.keystore"
      truststoreFile="C:\Program Files\Java\jdk1.5.0_13\jre\lib\security\cacerts" />

      Set the keystoreFile attribute to point to the location where the keystore file resides.
      Set the truststoreFile attribute to point to the CA-issued certificates in the JDK installation location.

  3. Restart the BMC Atrium Orchestrator CDP.
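The following Python check is an added example, not part of the BMC documentation. It audits a server.xml for the HTTPS Connector described in step 2 and reports when the block is still commented out or when the keystore password is Tomcat's default. It assumes the JSSE connector defaults (keystorePass falls back to changeit, keystoreFile to .keystore in the home directory); the XML fragments, paths, and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragments; the file paths are placeholders.
STILL_COMMENTED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!--
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
  -->
</Service></Server>"""

AS_DOCUMENTED = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/.keystore"
             truststoreFile="jre/lib/security/cacerts" />
</Service></Server>"""

# Same connector with an explicit, non-default keystore password (constructed value).
# The keystore itself must have been created with the same -storepass.
NON_DEFAULT_PASS = AS_DOCUMENTED.replace(
    "keystoreFile=", 'keystorePass="Example-Not-Default" keystoreFile=')


def audit_https_connector(server_xml):
    """Return findings for the HTTPS Connector; an empty list means none."""
    root = ET.fromstring(server_xml)  # the parser discards XML comments
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["no Connector with SSLEnabled=true (block still commented out?)"]
    findings = []
    for c in tls:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: no keystoreFile, Tomcat uses ~/.keystore")
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystore password is the default 'changeit'")
    return findings


if __name__ == "__main__":
    for name in ("STILL_COMMENTED", "AS_DOCUMENTED", "NON_DEFAULT_PASS"):
        print(name, audit_https_connector(globals()[name]))
```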

Enabling HTTPS support for BMC Atrium Orchestrator on BMC Server Automation


  1. If BMC Atrium Orchestrator is installed on a different computer, copy the C:<BAOtomcatServerDirectory>\conf\.keystore file from the BMC Atrium Orchestrator CDP system to the system where the BMC Server Automation application server is installed.
  2. On the system where the BMC Server Automation application server is installed, export the public certificate from the keystore file generated for BMC Atrium Orchestrator to a temporary file by entering the following command:

    keytool -export -alias <alias> -file <file> -keystore <keystore> -storepass changeit

    In this command, note the following:

    • <alias> is the name used to distinguish certificates.
    • <file> is the name and location of the certificate file that this command creates.
    • <keystore> is the name and location of the keystore file that you created for BMC Atrium Orchestrator.
      If you are using a UNIX/Linux system, the default keystore file location is $<BAOinstallationDirectory>/cdp/tomcat/conf/.keystore.

    For example:

    keytool -export -alias w2k3-sp-vm5 -file C:\cert.csr
    -keystore C:<BAOtomcatServerDirectory>\conf\.keystore -storepass changeit
    
    keytool -export -alias tomcat -file D:\Data\BAO\bao.csr 
    -keystore "C:\Program Files\BMC\BAO\CDP\tomcat\conf\.keystore" -storepass changeit

  3. Add the public certificate from the temporary file to the trusted certificate file by entering a command such as the following example:

    keytool -import -alias w2k3-sp-vm5 -file C:\cert.csr
    -keystore "<keystorePath>" -storepass changeit
    
    keytool -import -alias bao.dem.bmc.local -file D:\Data\BAO\bao.csr 
    -keystore "C:\Program Files\BMC\BladeLogic\appserver\NSH\jre\lib\security\cacerts" 
    -storepass changeit

    Note that the keystore path in this example is a typical default path. This path might differ, depending on the exact details of your installation. The keystore path also depends on the type of operating system:

    • Linux — For a Linux Application Server, use the <installationDirectory>/NSH/br/java/lib/security/cacerts file (for example, /opt/bmc/bladelogic/NSH/br/java/lib/security/cacerts) to install certificates.
    • Windows — For a Windows Application Server, refer to the path shown in the registry value for SOFTWARE > BladeLogic > Operations Manager > Application Server > -Djava.home. Within this path, look for the lib\security\cacerts file. This is the file into which you install the certificates.

  4. To check if the certificate is added to the cacerts file, enter the following command:

    keytool -list -keystore <keystorePath> -storepass changeit

  5. Restart the BMC Server Automation Application Server.
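Step 4 lists the trust store; the following Python check is an added example, not part of the BMC documentation, that goes one step further. It parses keytool -list output and confirms that the imported alias is a trustedCertEntry (only the public certificate belongs in cacerts) whose fingerprint equals the one read on the BMC Atrium Orchestrator host. The listing and fingerprints are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed `keytool -list` output; the fingerprints are made-up sample values.
SAMPLE_LISTING = """Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

w2k3-sp-vm5, Mar 3, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 3B:6A:10:9C:55:E2:7D:41:08:F3:AA:19:C4:72:5E:0B:91:D6:2F:84
tomcat, Mar 3, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 7E:01:C8:44:B9:23:6D:F0:5A:97:1C:E3:80:4F:D2:66:3A:BB:09:15
"""

# Fingerprint noted on the Atrium Orchestrator host (constructed to match the sample).
BAO_FP = "3b:6a:10:9c:55:e2:7d:41:08:f3:aa:19:c4:72:5e:0b:91:d6:2f:84"

# One entry spans two lines: "alias, date, type," then the fingerprint line.
ENTRY = re.compile(
    r"^([^,\n]+), .+, (\w+),[ \t]*\n"
    r"Certificate fingerprint \(([^)]+)\): ([0-9A-Fa-f:]+)", re.MULTILINE)


def parse_listing(text):
    """Map lower-cased alias -> (entry type, digest name, normalised fingerprint)."""
    return {m[1].strip().lower(): (m[2], m[3], m[4].replace(":", "").upper())
            for m in ENTRY.finditer(text)}


def verify_trusted(text, alias, expected_fp):
    """Return 'ok' or the reason the alias cannot be accepted as imported."""
    entry = parse_listing(text).get(alias.lower())  # JKS aliases are case-insensitive
    if entry is None:
        return "alias not found"
    kind, _digest, fp = entry
    if kind != "trustedCertEntry":
        return f"alias is a {kind}, not a trusted certificate"
    if fp != expected_fp.replace(":", "").upper():
        return "fingerprint mismatch"
    return "ok"


if __name__ == "__main__":
    for alias in ("W2K3-SP-VM5", "tomcat", "bao.dem.bmc.local"):
        print(alias, "->", verify_trusted(SAMPLE_LISTING, alias, BAO_FP))
```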
