Important

   

Starting version 8.9.03, BMC Server Automation is renamed to TrueSight Server Automation. This space contains information about BMC Server Automation 8.9.02 and previous versions. For TrueSight Server Automation 8.9.03 and later releases, see TrueSight Server Automation 8.9.

Configuring the securecert file

This topic provides an overview of the securecert file, and explains how to configure it. It includes the following sections:

About the securecert file

The securecert file stores passphrases used to encrypt the private keys for X.509 certificates. By storing passphrases in the securecert file, BMC Server Automation can access those passphrases without any user interaction. Accessing passwords non-interactively is essential for setting up secure, certificate-based communication with an Application Server. It is also necessary when using secure communication to deploy assets using repeaters (that is, with an indirect deployment).

When setting up a securecert file for:

  • An Application Server, you must provide an entry for the owner of the process that communicates securely with repeaters and servers. The owner of the process is bladmin on UNIX systems and SYSTEM on Windows.
  • A repeater, you must provide an entry for all users that communicate with servers. On UNIX systems, you must provide an entry for any users to whom other users are mapped (typically root). On Windows, you must provide an entry for the user named BMC Server AutomationRSCD.

The securecert file resides in different locations on Windows and UNIX systems, as described in the following table. On Windows, you can have multiple instances of BMC Server Automation client applications, each with their own securecert file. The following table shows how the location of the securecert file on Windows varies between the first instance and all subsequent instances.

Platform

Name and location of securecert file for first BMC Server Automation instance

Name and location of securecert file for additional instances

Solaris
Linux
AIX
HP-UX

/etc/rsc/securecert

Not applicable

Windows

<WINDIR>\rsc\securecert
For example, <WINDIR> can be \windows or \winnt.

<installDirectoryN>\NSH\conf\securecert
For example, the default location for the second instance of BMC Server Automation would be C:\Program Files\BMC Software\ BladeLogic2\NSH.

To configure the securecert file

When configuring a securecert file, you can make entries for the Application Server and repeaters.

On the Application Server, create an entry similar to the following for the owner of the process that communicates securely with repeaters and servers:

[Default]

<processOwner>=*******

where <processOwner> is bladmin for UNIX systems and SYSTEM for Windows.

You must use the secadmin utility to modify a securecert file. (For more on secadmin, see Using the secadmin utility or the man page for secadmin ). To create an entry similar to the one shown above using the secadmin utility, enter the following command:

secadmin -m default -cu bladmin -cp password

Enter the password in clear text. The secadmin utility encrypts the password.

On repeaters, create an entry similar to the following for the administrative user that communicates with servers:

[Default]
<adminUser>=*******

where <adminUser> is typically root for UNIX systems and BladeLogicRSCD for Windows. Using the secadmin utility to create the entry similar to the one shown above, enter the following command:

secadmin -m default -cu root -cp password

Was this page helpful? Yes No Submitting... Thank you

Comments