Implementing certificates in TrueSight Operations Management using scripts


Supported with 11.3.02 and later

  • The CLI commands to create and import certificates is supported only with:
    • TrueSight Presentation Server version 11.3.02 and later
    • TrueSight Infrastructure Management server version 11.3.02 and later
    • TrueSight Integration Service version 11.3.02 and later
    For other TrueSight Operation Management components, manually create and import signed certificates. For details, see  Implementing private certificates in TrueSight Operations Management Open link .
  • The CLI commands to create and import certificates can be used only if you have root, intermediate, and server certificates. If you do not have all the 3 certificates, then manually create and import signed certificates. For details, Implementing private certificates in TrueSight Operations Management Open link .

Security certificates play a significant role in securing the TrueSight Operations Management environment. You must create and apply a security certificate on your server to initiate a secure session with the browsers. After a successful implementation of the security certificate, you can observe that the HTTP changes to HTTPS format on your browser address bar, as shown in the following screenshot:

Deploying signed certificates in TrueSight Operations Management environment involves tasks such as creating a private key pair, generating a certificate signing request (CSR), sending the CSR to the Certificate Authority (CA) of your organization for signing, and importing the signed certificates into the component's keystores/truststores. Presentation Server and the Infrastructure Management server provides set of CLI commands that helps you as an administrator to deploy certificates easily and quickly. 

The following procedures guide you to create and import certificates for the following TrueSight Operations Management components using the CLI commands:

ComponentFor detailed steps, see:
TrueSight Presentation Server

Using the tssh certificate command, you can:

  • Create and secure Presentation Server
  • Import the following component certificates into the Presentation Server truststore:
    • IT Data Analytics
    • Remedy Single Sign-On
    • Bladelogic
    • Infrastructure Management Server
    • Remedy Application Request Change Management System

For details, see Create and import signed certificates in TrueSight Presentation Server

TrueSight Infrastructure Management Server

Using the pw certificate command, you can:

  • Create and secure Infrastructure Management Server
  • Import the following component certificates into the Infrastructure Management Server truststore:
    • Presentation Server
    • Integration Service
    • BMC Service Resolution

For details, see Create and import signed certificates in TrueSight Infrastructure Management Server

TrueSight Integration Service

Using the pw certificate command, you can import the Presentation Server certificate into the Integration Service truststore. For details, see Importing certificates in TrueSight Integration Service

Where to go from here

Manually create and import signed certificates for the other TrueSight Operations Management components. For details, see Implementing private certificates in TrueSight Operations Management.


Was this page helpful? Yes No Submitting... Thank you

Comments

  1. John Conroy

    A summary of the aliases used for private keys and public, trusted certs for each component would be useful. As I understand it, and I may be wrong, it is important that the private key alias matches exactly what and individual TSOM component is expecting but the trusted cert alias name is more for user readability. These alias names seem to change between product versions so older docs can cause great confusion.

    Mar 10, 2020 10:26
    1. Rashmi Gokhale

      Hi,

      I will discuss this with the SME and update you.

      Thanks,

      Rashmi

      Mar 12, 2020 12:00
      1. Rashmi Gokhale

        Hi,

        I discussed this with the SME, and following is the summary of the discussion:

        Yes, the private key alias must exactly match as expected by the TSOM component.

        Alias name depends on the end-user and may vary depending on the end-user choice of names and environments.

        A list of alias names may give an impression that they must be named as documented.


        Jul 08, 2020 04:33