Implementing private certificates in the Integration Service

BMC Confidential. The following information is intended only for registered users of docs.bmc.com.

Where to go from here

Once you create a signed certificate for the Integration Service, you can go ahead and apply the Integration Service certificate to the following components:

You can also check if you want to create private certificates in other TrueSight Operations Management components. For more information, see Implementing private certificates in TrueSight Operations Management.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Alfredo Luna

    Hello, I´m afraid that there is a mistake in the Unix path for certutil command.

    Sep 26, 2019 04:23
    1. Rashmi Gokhale

      Hi,

      Sorry for the delay. I have updated the Unix path and published the document.

      Oct 24, 2019 02:23
  2. Alfredo Luna

    Hello, The link in the section "To apply the Integration Service certificate to the Infrastructure Management server" does not works. Please, change it and put the correct link. I guess that the correct link is: https://docs.bmc.com/docs/TSOperations/113/applying-integration-service-certificate-to-the-truesight-infrastructure-management-843620444.html

    Regards, Alfredo.

    Sep 27, 2019 06:52
    1. Rashmi Gokhale

      Hi Alfredo,

      Thanks for your feedback.

      I will address both the comments and update you.

      Thanks,

      Rashmi

      Sep 27, 2019 07:08
    1. Rashmi Gokhale

      Hi,

      I had to update the image to fix some linking issues. The links are listed in the Where to go from here section.

      Oct 24, 2019 02:29
  3. Alfredo Luna

    Hello, In the section "To prepare for the Integration Service to Infrastructure Management server communication", the steep 1 says: "Log on to the host computer where the TrueSight Integration Service is installed.". Shouldn´t it be the server where TSIM is installed?

    Oct 01, 2019 06:42
    1. Rashmi Gokhale

      Hi,

      The statement intended to address both local and remote integration service.

      Please let me know if you have some inputs to modify this.


      Thanks,

      Rashmi

      Nov 04, 2019 05:36
  4. Alfredo Luna

    Hello, I'm afraid that in the section "To change the PATROL Agent's security level" is necessary to say that, in Lunux Servers, the command "p7_change_security_level" must be executed as root user.

    Thank You

    Oct 31, 2019 07:01
    1. Rashmi Gokhale

      Hi,

      I will confirm this with an SME and update the document accordingly. I will keep you posted.

      Thanks,

      Rashmi

      Nov 04, 2019 05:32
      1. Rashmi Gokhale

        Hi,

        Thanks for your feedback. 

        Yes, on the Linux operating system, you must run the command as a root user.

        I have modified the Note to reflect this.


        Jun 12, 2020 07:59
  5. Louis Duke

    Hello, there appears to be a typo in the "To create the signed certificates for the TrueSight Integration Service" section. An extra line appears with a blank step 7 currently. The instructions that should be executed as step 7 instead appear as step 8.

    Nov 21, 2019 03:06
    1. Rashmi Gokhale

      Hi,

      I have deleted the extra line and published the document.

      Thanks,

      Rashmi

      Dec 02, 2019 12:29
  6. Thurlow Caffey

    For changing security level on "Integration Service" under Linux for a standard ISN install, it appears that site.plc is incorrect. This file did not even exist on the system right after doing an ISN install. It appears that the correct file is /etc/patrol.d/_opt_bmc_TSIMAgent_pw/security_policy_v3.0/bppmpis.plc because it is the only file in the directory and it has a "security_level" in the [server] section of the file. Please verify and confirm this.

    Apr 03, 2020 02:39
    1. Rashmi Gokhale

      Hi,

      Thanks for the feedback.

      I will clarify with SMEs and update the document.

      Thanks,

      Rashmi

      Apr 06, 2020 12:45
      1. Rashmi Gokhale

        Hi,

        Thanks for the feedback. I have updated the directory and file name, and have published the topic.

        Thanks,

        Rashmi


        Apr 10, 2020 06:41
  7. Thurlow Caffey

    In context of "Integration Service Security Level", you should add link to or instructions on how to "unset the TLS mode before changing its security level". Is there a command that tells you what the current security level is?

    Apr 06, 2020 11:07
    1. Rashmi Gokhale

      Hi,

      1. We have instructions to unset TLS.
        Rolling back to SSL configuration

      2. Shahezad Mirkar , Can you please respond to the second part of the question?
        "Is there a command that tells you what the current security level is?


      Thanks,

      Rashmi

      Apr 07, 2020 08:48
      1. Rashmi Gokhale

        Hi,

        As per my discussion with the SME, there is no command to check the current security level. You need to check the registry to know the current security level.


        Apr 10, 2020 06:39
  8. Lakshmi Krishnamurthy

    Rashmi Gokhale ,


    Can you please check and update us can we configure load balancer names at the   openssl.cnf file instead of the ISN server hostname and does these functionality had been tested or not.


    Thanks & Regards,

    Lakshmi.K

    Jun 11, 2020 01:03
    1. Rashmi Gokhale

      Shahezad Mirkar,

      Please provide your inputs for the above query from Lakshmi.


      Thanks,

      Rashmi

      Jun 11, 2020 01:12