Implementing private certificates in the Remedy Single Sign-On Server

Complete the following procedures to create a signed certificate for the Remedy Single SSO Server.

BMC Confidential. The following information is intended only for registered users of

Where to go from here

When you finish securing the Remedy SSO server, you can apply this Remedy SSO server certificate to other TrueSight Operations Management components, as described in the following procedures:

You can also explore how to implement private certificates in other TrueSight Operations Management components.

Was this page helpful? Yes No Submitting... Thank you


  1. Przemek Tomczuk

    Hello, the links under the diagram under "To apply the Remedy SSO server certificate to the TrueSight Operations Management components" do not seem to work.

    Jan 28, 2019 11:24
    1. Rashmi Gokhale


      Thanks for the feedback.

      I will check and update.



      Jan 29, 2019 03:15
    1. Rashmi Gokhale


      Thanks for your feedback.

      Due to some limitations (with some browsers), we had linking issues in diagrams. I have removed the links from the diagrams.

      The links can be referred from the Where to go from here section.



      Feb 01, 2019 05:41
  2. Nikhil Shetty

    Hi Team ,

    We we enter only the server name without the fqdn in subject alternative name then the certificate signing tool ( digicert) gives and error saying please enter full fqdn and try again

    If the Remedy SSO Server is operating in high-availability mode, then modify the preceding command as shown below:

    keytool -v -certreq -alias rssoserver -keystore loginvault-update.ks -storepass changeit -storetype JKS -dname "CN=,OU=,O=,L=,ST=,C=<2LetterContryCode>" -ext "san=dns:,dns:<primarySSO_server.FQDN>,dns:<secondarySSO_server.FQDN>,dns:,dns:,dns:" -file RSSO.csr

    Aug 24, 2020 04:20
    1. Rashmi Gokhale

      Hi Nikhil,

      As per the SME inputs, the following command works fine. In the parameter description Note, server FQDN details are given. Please let me know if you have any additional error conditions.

      keytool -v -certreq -alias rssoserver -keystore loginvault-update.ks -storepass changeit -storetype JKS -dname "CN=<loadbalancerFQDN>,OU=<Organizational Unit name>,O=<Organization Name>,L=<City>,ST=<State>,C=<2LetterContryCode>" -ext "san=dns:<loadbalancerFQDN>,dns:<primarySSO_server.FQDN>,dns:<secondarySSO_server.FQDN>,dns:<loadbalancer>,dns:<primarySSO_server>,dns:<secondarySSO_server>" -file RSSO.csr



      Oct 07, 2020 01:06
  3. Satish Potnuru

    While performing in High Availability Mode first point is " Shutdown the secondary Remedy SSO Server" and second point is "Access the Remedy SSO Server that is operating as secondary node."

    How we can access secondary server If we shutdown the server ? Is this right ?

    Sep 01, 2020 02:39
    1. Rashmi Gokhale

      Hi Satish,

      Yes, this is correct. Before copying the primary server certificate to the secondary server, the secondary server is shut down.



      Sep 02, 2020 12:19
      1. Satish Potnuru

        OK. What exactly "shut down" means here , Shut down application (stop the services) or shut down the server where the application is hosted ?

        Sep 03, 2020 03:31
        1. Harihara Subramanian

          Hello Rashmi Gokhale,

          Reviewed this Niyati today. Yes, let us change the language to Stop the services in step#2 and Start (not Restart) in step#6.

          Oct 08, 2020 12:20
          1. Rashmi Gokhale

            Hi Hari,

            I have fixed it now. 



            Oct 14, 2020 12:36
  4. Kumar Vanka

    We had to add a step 20b (similar to step 3):

    keytool -delete -alias root -keystore loginvault.ks keytool -importcert -trustcacerts -alias root -keystore loginvault-update.ks -storepass changeit -file /tmp/RootCA.cer

    Apr 13, 2021 04:43