Configuring the securecert file
This topic provides an overview of the securecert file, and explains how to configure it. It includes the following sections:
About the securecert file
The securecert file stores passphrases used to encrypt the private keys for X.509 certificates. By storing passphrases in the securecert file, BMC Server Automation can access those passphrases without any user interaction. Accessing passwords non-interactively is essential for setting up secure, certificate-based communication with an Application Server. It is also necessary when using secure communication to deploy assets using repeaters (that is, with an indirect deployment).
When setting up a securecert file for:
- An Application Server, you must provide an entry for the owner of the process that communicates securely with repeaters and servers. The owner of the process is bladmin on UNIX systems and SYSTEM on Windows.
- A repeater, you must provide an entry for all users that communicate with servers. On UNIX systems, you must provide an entry for any users to whom other users are mapped (typically root). On Windows, you must provide an entry for the user named BMC Server AutomationRSCD.
The securecert file resides in different locations on Windows and UNIX systems, as described in the following table. On Windows, you can have multiple instances of BMC Server Automation client applications, each with their own securecert file. The following table shows how the location of the securecert file on Windows varies between the first instance and all subsequent instances.
Name and location of securecert file for first BMC Server Automation instance
Name and location of securecert file for additional instances
To configure the securecert file
When configuring a securecert file, you can make entries for the Application Server and repeaters.
On the Application Server, create an entry similar to the following for the owner of the process that communicates securely with repeaters and servers:
<processOwner> is bladmin for UNIX systems and SYSTEM for Windows.
You must use the secadmin utility to modify a securecert file. (For more on secadmin, see Using the secadmin utility or the man page for secadmin.) To create an entry similar to the one shown above using the secadmin utility, enter the following command:
secadmin -m default -cu bladmin -cp password
Enter the password in clear text. The secadmin utility encrypts the password.
On repeaters, create an entry similar to the following for the administrative user that communicates with servers:
<adminUser> is typically root for UNIX systems and BladeLogicRSCD for Windows. To create an entry similar to the one shown above using the secadmin utility, enter the following command:
secadmin -m default -cu root -cp password
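Because the commands above take the passphrase in clear text, typing them directly leaves it on screen and in shell history. The following wrapper is an added example, not BMC code: it prompts for the passphrase with echo off, confirms it, and then runs the same secadmin command. The names SECADMIN, securecert_user, read_secret and set_securecert_entry are made up for this sketch, and it assumes secadmin is on the PATH.

```shell
#!/bin/sh
# Added example, not BMC code. SECADMIN, securecert_user, read_secret and
# set_securecert_entry are names made up for this sketch.
SECADMIN="${SECADMIN:-secadmin}"   # assumption: secadmin is on PATH

# Account that needs the entry, per the role descriptions on this page.
securecert_user() {
    case "$1:$2" in
        appserver:unix)    echo bladmin ;;
        appserver:windows) echo SYSTEM ;;
        repeater:unix)     echo root ;;
        repeater:windows)  echo BladeLogicRSCD ;;
        *) echo "unknown role/platform: $1/$2" >&2; return 1 ;;
    esac
}

# Prompt on stderr and read one line into SECRET, with terminal echo off.
read_secret() {
    printf '%s' "$1" >&2
    status=0
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r SECRET || status=1
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    return "$status"
}

# Usage: set_securecert_entry appserver|repeater unix|windows
# Runs in a subshell "( )" so the passphrase variables never reach the caller.
set_securecert_entry() (
    user=$(securecert_user "$1" "$2") || exit 1
    trap 'stty echo 2>/dev/null; exit 130' INT TERM
    read_secret "Private key passphrase for $user: " || exit 2
    first=$SECRET
    read_secret "Repeat passphrase: " || exit 2
    [ -n "$first" ] || { echo "empty passphrase refused" >&2; exit 2; }
    [ "$first" = "$SECRET" ] || { echo "passphrases do not match" >&2; exit 3; }
    # Same invocation as the commands above; secadmin encrypts the value.
    "$SECADMIN" -m default -cu "$user" -cp "$first"
)
```

The passphrase is still handed to secadmin as the -cp argument, so it is visible in the local process list while secadmin runs; the wrapper only keeps it off the screen and out of shell history.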