Creating a self-signed client-side certificate on the Application Server (UNIX)

Use this procedure to create a file called id.pem, which contains the self-signed certificate for the Application Server and the private key associated with the certificate. Then add the passphrase used to encrypt the private key to the securecert file on the Application Server.

BMC Server Automation does not load the certificate if group or world permissions are set for the id.pem file or the .bladelogic directory, where the id.pem file is generated.

To create a self-signed client-side certificate on the Application Server

  1. Log in to the UNIX system on the Application Server as root, and then enter the following command: 
    su - bladmin 
    This command logs you in as the bladmin user.
  2. Enter the following command: 
    After entering the command, you are prompted to provide and then confirm a passphrase. This passphrase is used to encrypt the private key in the id.pem file. The id.pem file is created in the <bladminUserHome>/.bladelogic directory. On UNIX, the Application Server runs as the bladmin user.
  3. Enter exit to return to the root user.
  4. Update the securecert file (contained in the /etc/rsc directory) to contain an encoded copy of the passphrase. To accomplish this, use Network Shell to enter the following: 
    secadmin -m default -cu bladmin -cp <passPhrase> 
    After issuing this command, the contents of the securecert file are updated so they are similar to the following. The encoded passphrase varies.

  5. Ensure that access is restricted to the id.pem file and the .bladelogic directory by running the following commands:

    chmod 700 /opt/bmc/bladelogic/NSH/br/.bladelogic
    chmod 600 /opt/bmc/bladelogic/NSH/br/.bladelogic/id.pem
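
To confirm the result of step 5, the following check reports whether the .bladelogic directory or id.pem still carries any group or world permission bit, the condition under which the certificate is not loaded. It is an added example, not part of the BMC product or its documentation; the function names has_group_or_world and check_cert_perms are hypothetical.

```shell
#!/bin/sh
# Added example (not BMC code): verify that the certificate directory and
# id.pem are accessible to the owner only.

# has_group_or_world PATH
# Succeeds (exit 0) when PATH has any group or other permission bit set.
has_group_or_world() {
    # First field of `ls -ld` is the mode string, e.g. drwx------ or -rw-r--r--
    mode=$(ls -ld "$1" | awk '{print $1}')
    # Characters 5-10 hold the group and other triplets. Anything other than
    # "-" there (r, w, x, s, S, t, T) is treated as too permissive.
    bits=$(printf '%s' "$mode" | cut -c5-10)
    [ "$bits" != "------" ]
}

# check_cert_perms DIR
# Succeeds only when DIR and DIR/id.pem both exist and are owner-only.
check_cert_perms() {
    dir=$1
    rc=0
    for p in "$dir" "$dir/id.pem"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p" >&2
            rc=1
        elif has_group_or_world "$p"; then
            echo "TOO OPEN $p ($(ls -ld "$p" | awk '{print $1}'))" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage, with the directory from step 5:
#   check_cert_perms /opt/bmc/bladelogic/NSH/br/.bladelogic && echo "permissions OK"
```
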
