Creating and importing certificates in TrueSight Infrastructure Management
BMC Confidential. The following information is intended only for registered users of docs.bmc.com.
Where to go from here
Once you secure the Infrastructure Management Server, you can check how to secure the TrueSight Integration Service. For details, see Importing certificates in TrueSight Integration Service.
Related topic
To manually create and import signed certificates, see Implementing private certificates in TrueSight Operations Management.
Comments
It would be useful if the "pw certificate list" command could be run without the alias parameter and return all available aliases in a keystore/truststore along with the detail as to whether an alias relates to a private key or a trusted certificate. Without this the user has to revert to using the normal keytool utility.
Also, as far as I can tell, in 11.3 the TSIM server private key is actually called "pnca" not "tsimserver". Does this matter as I'm led to believe that in the case of an application calling to its private key reference that the name is referenced and therefore important?
Hi,
I will discuss this with the SME and update you.
Thanks,
Rashmi
Hi,
Thanks for your feedback.
I discussed this with the SME, and have shared this information with the certificate SME (Shahezad Mirkar).
Yes, the private key is very important. The alias name shouldn’t matter. In TSIM-IS communication, pnca is the name at the server side and pnagent is at the client side, and it follows mutual authentication.
Thanks,
Rashmi
When I ran "pw certificate import TSIM" on the secondary to import the same p7b file that I'd imported on the primary, I got the following error: "Exiting, the /usr/pw/pronto/conf/tsimSrv.key file doesn't exist.". I had to copy it over from the primary in order to get things to work. You might want to mention this up above in setting up the secondary.
Hi,
Thanks for your feedback.
We have mentioned this step in the section: To create and import the certificates for the Infrastructure Management Server deployed in high-availability – Steps 4 & 5.
Thanks,
Rashmi
The "pw certificate * *" command set has worked well so far in my usage. What about when things don't work well? It's great that it makes lots of backups of important files but it would be even better if the command set had an "undo" or "reverse" operator/command modifier to put things back the way they were BEFORE using a given command. CONSIDER THIS A FEATURE REQUEST PLEASE!
Hi,
Thanks for your valuable feedback.
I have shared these details with the certificate SMEs.
Thanks,
Rashmi
Same thing for TSPS for the "tssh certificate * *" command set; please add an "undo" or "reverse" operator/command modifier to put things back the way they were BEFORE using a given command. CONSIDER THIS A FEATURE REQUEST PLEASE!
Hi,
Thanks for your valuable feedback.
I have shared these details with the certificate SMEs.
Thanks,
Rashmi
Regarding importing the other component certificates into the Infrastructure Management Server, you should state what the generally expected alias is for a component to minimize confusion and malfunction.
Hi,
Thanks for your feedback.
I will add the details and publish the document.
Thanks,
Rashmi
Hi,
I have created a JIRA issue - https://jira.bmc.com/browse/DRTSA-491 to track this. Closing this thread here.
Thanks,
Rashmi
FEATURE REQUEST: It would be highly appreciated if you could write this kind of utility for setting up certs for patrol agents and integration service nodes as well; especially when having to set up "security level 4" communications with TLS.
Hi,
Thanks for your feedback.
I have shared this feature request with the certificate SMEs.
Thanks,
Rashmi
How can we create a certificate request on the RSSO server to renew the SSL certificate for the Production Environment?
Hi
Quick script to automate RSSO cert change to TSPS:
echo "Retrieve Cert"
openssl s_client -showcerts -connect HereYourRSSOFQDN:port < /dev/null | openssl x509 -outform PEM > /tmp/RemedySSO.crt
echo "Remove old cert"
$TRUESIGHTPSERVER_HOME/truesightpserver/modules/jre/bin/keytool -delete -noprompt -trustcacerts -alias RSSO -keystore $TRUESIGHTPSERVER_HOME/truesightpserver/modules/jre/lib/security/cacerts -storepass changeit
echo "Import cert"
$TRUESIGHTPSERVER_HOME/truesightpserver/modules/jre/bin/keytool -import -trustcacerts -alias RSSO -file /tmp/RemedySSO.crt -keystore $TRUESIGHTPSERVER_HOME/truesightpserver/modules/jre/lib/security/cacerts -storepass changeit
tssh server stop
tssh server start
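A check that could sit between the retrieve and import steps of the script in the comment above, so that only a certificate whose SHA-256 fingerprint matches a value obtained out of band is added to the trust store. This is an added example, not part of the original comment or of BMC's tooling; the function names and the pinned-fingerprint workflow are assumptions.

```shell
#!/bin/sh
# Added example: gate to run between "Retrieve Cert" and "Import cert".
# Function names and the pinned-fingerprint workflow are assumptions of this
# example; the expected value must come from the RSSO administrator out of band.

# Reduce a fingerprint to bare uppercase hex so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of a PEM certificate; prints nothing if the file does not parse.
cert_sha256() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 0
    normalize_fp "${fp#*=}"
}

# Returns 0 = safe to import, 1 = fingerprint mismatch, 2 = unparseable, 3 = expired.
verify_before_import() {
    cert_file=$1
    expected=$(normalize_fp "$2")
    actual=$(cert_sha256 "$cert_file")
    if [ -z "$actual" ]; then
        echo "REFUSE: $cert_file is not a parseable certificate" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "REFUSE: fingerprint $actual does not match the pinned value" >&2
        return 1
    fi
    if ! openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "REFUSE: certificate has already expired" >&2
        return 3
    fi
    echo "OK: $cert_file matches the pinned fingerprint"
    return 0
}

# Usage (placeholder value), placed before the keytool -delete step:
#   verify_before_import /tmp/RemedySSO.crt "<SHA-256 fingerprint from the RSSO admin>" || exit 1
```

Calling it before the keytool -delete step leaves the existing RSSO entry in cacerts untouched when the check fails.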