×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
TrueSight Orchestration Platform 8.2 ... Planning Security planning

Specifying a trust store password

This topic describes how to specify a trust store password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.

Note

You can specify the trust store file, which is used to validate client certificates. The default is AO_Home\jvm\lib\security\cacerts.

In the instructions on this page, AO_HOME represents the installation directory for  components.

To specify the trust store password as plain text on a server component

  1. Stop the TrueSight Orchestration services.
  2. On the computer for the server component, use a text editor to open the AO_Home\tomcat\conf\server.xml file.

  3. Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
  4. Append the following attribute to the connector element.

  5. Specify the trust store file location and the <password>:
    truststoreFile="AO_Home\jvm\lib\security\cacerts"
    truststorePass="<password>"

    In the following example, myPassw0rd is the new trust store password:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" truststoreFile="C:\Program Files\BMC Software\CDP\jvm\lib\security\cacerts" truststorePass="myPassw0rd" />
  6. Save the server.xml file.
  7. Restart the TrueSight Orchestration services.

    For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see documentation available at http://tomcat.apache.org/.

To specify an encrypted trust store password on a server component

  1. Start the Maintenance Tool, as described in Using the Maintenance Tool to encrypt a password.
  2. Stop the TrueSight Orchestration services.
  3. Using the Maintenance Tool, encrypt a password text string, as described in Using the Maintenance Tool to encrypt a password.
  4. On the computer for the server component, use a text editor to open the AO_Home\tomcat\conf\server.xml file.

  5. Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

  6. After copying the encrypted password from the Maintenance Tool, append the following property to the connector attribute, replacing <encrypted-password> with the copied value:

               SSLImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation"
           truststoreFile="AO_Home\jvm\lib\security\cacerts"
           truststorePass="<encrypted-password>"/>


    The file should now appear similar to the example below:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           SSLImplementation="com.bmc.ao.catalina.connector.BAOSSLImplementation"
           truststoreFile="C:\Program Files\BMC Software\CDP\jvm\lib\security\cacerts"
           truststorePass="b84f2299ca25a8040b2d022b56716490"/>
  7. Save the server.xml file.
  8. Restart the TrueSight Orchestration services.

Related topic

Using the Maintenance Tool to encrypt a password

Configuring TrueSight Orchestration to use HTTPS

Was this page helpful? Yes No Submitting... Thank you
Last modified by Shweta Hardikar on Aug 22, 2019
configuration_distribution_peer password cdp administration trust_store configuration repository high_availability ap lap activity_peer lightweight_activity_peer

Comments

Log in or register to comment.

Specifying a keystore password
Encryption to secure files
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.