Security certificate deployment best practices

The following guidelines and recommended methods help you create and import security certificates more efficiently.

Protect keystore files

Treat your private keys as an important asset. Recommended policies include the following:

  • Generate private keys on a trusted computer.

  • Protect the keystore files with passwords so that the keys are not compromised when the files are stored in backup systems.

  • Audit the certificates periodically, and renew them before they expire.

Use strong certificate signature algorithms and 2048-bit keys

Certificate security depends on the strength of the private key that was used to sign the certificate and on the strength of the hashing function used in the signature. In our certificate documentation, the command that generates the key pair specifies the algorithms to use, as in the following example:

keytool -genkey -alias itdaserver -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -keystore bmcitda-update.jks -storepass changeit -storetype JKS -providername SUN

Make a backup of your keystores and truststores

To ensure a smooth transition between the test setup and the production setup, make a backup of your existing keystores, truststores, and certificates. The certificate documentation guides you through creating signed certificates and importing them into the default keystores and truststores. Back up these default keystores and truststores before you modify them. Finish creating and importing the certificates before you copy the newly created certificates into the production keystores and truststores.

Upgrade scenario best practices

If you are planning to upgrade a component that already has the signed certificates imported in its keystore and truststore, ensure the following for a smooth upgrade process:

  1. Make a backup of the default keystores and truststores that have the signed certificates.
  2. Upgrade the component.
  3. Restart the component.
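The backup step in both the previous section and the upgrade procedure above is the one that is easiest to skip and hardest to recover from. The following script is an added example, not part of the BMC documentation: it copies each keystore and truststore into a timestamped backup directory, records a cksum manifest, and refuses to proceed if a file is missing or a copy does not match its original. The store file names and the backup location are placeholders; the real ones depend on the component being upgraded.

```shell
#!/bin/sh
# Added example (not from the BMC documentation): back up keystores and
# truststores before a certificate change or an upgrade, and verify that each
# copy matches its original before the production files are touched.

# backup_stores BACKUP_ROOT FILE... copies each store into a new timestamped
# directory under BACKUP_ROOT and writes a cksum manifest next to the copies.
# Prints the backup directory on success; returns non-zero if a file is
# missing, the target directory already exists, or a copy does not match.
backup_stores() {
    root=$1; shift
    dest="$root/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$root" || return 1
    # Plain mkdir (no -p): never silently reuse or overwrite an earlier backup.
    mkdir "$dest" 2>/dev/null || { echo "backup dir exists: $dest" >&2; return 1; }
    chmod 700 "$dest"            # the copies hold private keys: owner-only access
    : > "$dest/MANIFEST"
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2; return 1
        fi
        cp -p "$f" "$dest/" || return 1
        # cksum is POSIX and catches a truncated or corrupted copy.
        orig=$(cksum < "$f" | cut -d' ' -f1-2)
        copy=$(cksum < "$dest/$(basename "$f")" | cut -d' ' -f1-2)
        if [ "$orig" != "$copy" ]; then
            echo "copy mismatch: $f" >&2; return 1
        fi
        echo "$orig $(basename "$f")" >> "$dest/MANIFEST"
    done
    echo "$dest"
}

# verify_backup DIR re-checks every file in DIR against its manifest entry.
# Run this before restoring the stores after a failed upgrade.
verify_backup() {
    dir=$1
    while read -r sum size name; do
        actual=$(cksum < "$dir/$name" | cut -d' ' -f1-2)
        [ "$actual" = "$sum $size" ] || { echo "corrupt: $name" >&2; return 1; }
    done < "$dir/MANIFEST"
    return 0
}

# demo runs the round trip on constructed placeholder files in a temporary
# directory (not real keystores) so the example works offline.
demo() {
    work=$(mktemp -d)
    printf 'constructed keystore bytes' > "$work/keystore.jks"
    printf 'constructed truststore bytes' > "$work/truststore.jks"
    dest=$(backup_stores "$work/backups" "$work/keystore.jks" "$work/truststore.jks") || return 1
    verify_backup "$dest" || return 1
    echo "backup verified in $dest"
    rm -rf "$work"
}
```

In practice you would call `backup_stores /var/backups/truesight-stores <keystore> <truststore>` before step 2 and keep the printed directory name with the upgrade record; `verify_backup` on that directory is the first thing to run if the upgrade has to be rolled back.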

Note

If you want to upgrade a TrueSight Infrastructure Management installation that is already in TLS mode, make sure that you run mmigrate for a smooth upgrade. This ensures that the TLS settings in mcell.conf are retained during the upgrade process.

Provide the fully qualified domain name of the host machine when creating a key pair

Ensure that you provide the fully qualified domain name of the host machine when creating the key pair that will be used to generate signed certificates for a component.
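The two requirements above (SHA256withRSA with a 2048-bit key, and a fully qualified domain name in the certificate subject) can be checked on an existing keystore rather than taken on trust. The following checker is an added example, not part of the BMC documentation: it reads the text that `keytool -list -v` prints for one alias and verifies the signature algorithm, the RSA key size, and that the CN contains a domain suffix. The two listings embedded in it are constructed samples that imitate the keytool output format; the alias and host names are placeholders.

```shell
#!/bin/sh
# Added example (not from the BMC documentation): check one keystore entry
# against the guidance above by parsing the output of `keytool -list -v`.
#
# Usage with a real keystore (keytool prompts for the store password, so it
# does not end up in the shell history):
#   keytool -list -v -keystore bmcitda-update.jks -alias itdaserver | check_listing

# check_listing reads a keytool listing on stdin, prints one line per check,
# and returns 0 only when every check passes.
check_listing() {
    listing=$(cat)
    status=0

    # Signature algorithm: require SHA-256 or stronger with RSA.
    sigalg=$(printf '%s\n' "$listing" | sed -n 's/^Signature algorithm name: *//p' | head -n 1)
    case "$sigalg" in
        SHA256withRSA|SHA384withRSA|SHA512withRSA)
            echo "ok:   signature algorithm $sigalg" ;;
        *)  echo "FAIL: weak or unrecognised signature algorithm '$sigalg'"; status=1 ;;
    esac

    # Key size: the listing reports it as "<bits>-bit RSA key".
    keysize=$(printf '%s\n' "$listing" | sed -n 's/^Subject Public Key Algorithm: *\([0-9]*\)-bit RSA key.*/\1/p' | head -n 1)
    if [ -n "$keysize" ] && [ "$keysize" -ge 2048 ]; then
        echo "ok:   RSA key size $keysize bits"
    else
        echo "FAIL: RSA key size '$keysize' is below 2048 bits or the key is not RSA"; status=1
    fi

    # Subject CN: a fully qualified domain name contains at least one dot.
    cn=$(printf '%s\n' "$listing" | sed -n 's/^Owner: *CN=\([^,]*\).*/\1/p' | head -n 1)
    case "$cn" in
        *.*) echo "ok:   CN '$cn' is a fully qualified domain name" ;;
        *)   echo "FAIL: CN '$cn' is not a fully qualified domain name"; status=1 ;;
    esac

    return $status
}

# Constructed sample listings (not real keystore contents).
GOOD_LISTING='Alias name: itdaserver
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itda.example.com, OU=Operations, O=Example Corp, C=US
Issuer: CN=Example Internal CA, O=Example Corp, C=US
Serial number: 1a2b3c
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Wed Dec 31 23:59:59 UTC 2025
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3'

# Short hostname, SHA-1 signature and a 1024-bit key: every check should fail.
WEAK_LISTING='Alias name: itdaserver
Entry type: PrivateKeyEntry
Owner: CN=itdaserver, OU=Operations, O=Example Corp, C=US
Issuer: CN=itdaserver, OU=Operations, O=Example Corp, C=US
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Version: 3'

# Demonstration on the constructed listings.
echo "== good listing =="; printf '%s\n' "$GOOD_LISTING" | check_listing
echo "== weak listing =="; printf '%s\n' "$WEAK_LISTING" | check_listing || true
```

Running the checker over every alias of the production keystores is a cheap addition to the periodic certificate audit recommended earlier on this page; an entry that fails any check is a candidate for regeneration before the next renewal rather than at it.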

Where to go from here

Create and import security certificates. For instructions, see Implementing private certificates in TrueSight Operations Management.

