Applying Remedy Single Sign-On Server private certificate to the TrueSight Presentation Server


Scenario A

Following the installation of the Remedy Single Sign-On Server, you can obtain the Remedy Single Sign-On Server certificate and enter the details about the certificate during the installation of the TrueSight Presentation Server, as described in the following table:

Step # Description
A-1

Ensure that the Remedy Single Sign-On Server is installed. For more information, see Installing Remedy SSO.

A-2

Obtain the Remedy Single Sign-On Server private certificate by performing the following steps:

Important information

If the Remedy Single Sign-On Server certificate is already available, skip the certificate creation step and directly copy the certificate to a directory location on a computer where you are planning to install the Presentation Server.

  Perform the following sequence of steps to create signed certificate for the Remedy Single Sign-On Server

BMC Recommendation

BMC recommends that you to keep the obtained certificates in a central location on the Presentation Server for ease of use. For example, copy the Remedy Single Sign-On Server certificate to the C:\temp\certificates directory. 

A-3 Enter the certificate directory location and the Remedy Single Sign-On server signed certificate file name during the Presentation Server installation. For example, you can specify C:\temp\certificates as the certificate directory location and RemedySSO.cer as the certificate file name. For more information, see Performing the Presentation Server installation.

Scenario B

When both the Remedy Single Sign-On Server and the TrueSight Presentation Server are already installed, you can obtain the Remedy Single Sign-On Server certificate and copy it to the TrueSight Presentation Server computer and import the certificate into the Presentation Server truststore, as described in the following table:

Step # Description
B-1

Ensure that the Remedy Single Sign-On Server is installed. For more information, see Installing Remedy SSO

B-2 Ensure that the Presentation Server installed. For more information, see Performing the Presentation Server installation.
B-3

Obtain the Remedy Single Sign-On Server private certificate RemedySSO.cer by performing the following steps:

Important information

If the Remedy Single Sign-On Server private certificate is already available, skip the certificate creation step and directly copy the certificate to a directory location on a computer where you have installed the Presentation Server.

  Perform the following sequence of steps to create signed certificate for the Remedy Single Sign-On Server

BMC Recommendation

BMC recommends that you keep the obtained certificates in a central location on the Presentation Server for ease of use. For example, copy the Remedy Single Sign-On Server certificate RemedySSO.cer to the <TrueSight Presentation Server Installation Directory>\temp\certificates directory. 

B-4

Import the Remedy Single Sign-On Server private certificate into the Presentation Server truststore by performing the following steps:

  Import the Remedy Single Sign-On Server certificate into the Presentation Server truststore
  1. Log on to the host computer where the TrueSight Presentation Server is installed.
  2. The keytool utility that is used to import the certificate is present in the <Presentation Server Installation Directory>\truesightpserver\modules\jre\bin directory. Add this directory path to the PATH environment variable by running the following command:

    #Microsoft Windows

    set PATH=<Presentation Server Installation Directory>\truesightpserver\modules\jre\bin;%PATH%

    #Unix

    export PATH=<Presentation Server Installation Directory>/truesightpserver/modules/jre/bin:$PATH

  3. Navigate to the <TrueSight Presentation Server Installation Directory>\truesightpserver\modules\jre\lib\security directory where the Presentation Server truststore cacerts is located.

  4. Take a backup of cacerts file and name it as cacerts-update

  5. Copy the Remedy Single Sign-On Server certificate to this directory.

  6. List all the keys in the cacerts-update keystore by running the following command:

    keytool -list -keystore cacerts-update -storetype JKS -storepass changeit

  7. Delete the existing Remedy Single Sign-On server certificate alias from the cacerts-update by running the following command:

    #Syntax

    keytool.exe -delete -alias <alias name> -keystore <keystore name> -storepass <keystore password>

    #Example

    keytool.exe -delete -alias remedysso -keystore cacerts-update -storepass changeit

    Note

    remedysso: Remedy Single Sign-On Server certificate alias name. If the Remedy Single Sign-On Server certificate alias name is different, then use the relevant alias name in the preceding command. If you don't have any existing Remedy Single Sign-On server certificate alias in the cacerts-update truststore, you can ignore this step and proceed to the next step that guides you to import the certificate.

  8. Import the Remedy Single Sign-On Server certificate into the cacerts-update truststore by running the following command:

    keytool -import -alias remedysso -file "<TrueSight Presentation Server Installation Directory>\temp\certificates\RemedySSO.cer" -keystore cacerts-update -storepass changeit

    Parameter description

    • RemedySSO.cer: Name and path of the CA signed certificate obtained from the Remedy Single Sign-On Server. If this name is different, use the relevant file name and path in the preceding command.

    • cacerts-update: Presentation Server truststore name
    • changeit: Default password of cacerts-update truststore. 
  9. When you run the preceding command, you are prompted with the following message, type Yes:

    Trust this certificate [no]:

  10. Navigate to the directory where the cacerts file is located.

    • Microsoft windows: <TrueSight Presentation Server Installation Directory>\truesightpserver\modules\jre\lib\security

    • Linux: <TrueSight Presentation Server Installation Directory>/truesightpserver/modules/jre/lib/security

  11. Rename the cacerts file to cacerts.orig

  12. Copy cacerts-update to cacerts

Where to go from here

You can check if you need to import Remedy Single Sign-On server signed certificate into the truststores of any other TrueSight Operations Management components. 

Was this page helpful? Yes No Submitting... Thank you

Comments