Specifying a trust store password
This topic describes how to specify a trust store password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.
Note
You can specify the trust store file, which is used to validate client certificates. The default is AO_Home\jvm\lib\security\cacerts.
In the instructions on this page, AO_HOME represents the installation directory for components.
To specify the trust store password as plain text on a server component
- Stop the TrueSight Orchestration services.
- On the computer for the server component, use a text editor to open the AO_Home\tomcat\conf\server.xml file.
Locate the
<Connector>
element that contains the HTTPS protocol information, as shown in the following sample:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
- Append the following attribute to the
connector
element. Specify the trust store file location and the
<password>
:
truststoreFile="AO_Home\jvm\lib\security\cacerts"
truststorePass="<password>"
In the following example, myPassw0rd is the new trust store password:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" truststoreFile="C:\Program Files\BMC Software\CDP\jvm\lib\security\cacerts" truststorePass="myPassw0rd" />
- Save the server.xml file.
- Restart the TrueSight Orchestration services.
For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see documentation available at http://tomcat.apache.org/.
To specify an encrypted trust store password on a server component
- Start the Maintenance Tool, as described in Using the Maintenance Tool to encrypt a password.
- Stop the TrueSight Orchestration services.
- Using the Maintenance Tool, encrypt a password text string, as described in Using the Maintenance Tool to encrypt a password.
- On the computer for the server component, use a text editor to open the AO_Home\tomcat\conf\server.xml file.
Locate the
<Connector>
element that contains the HTTPS protocol information, as shown in the following sample:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
After copying the encrypted password from the Maintenance Tool, append the following property to the
connector
attribute, replacing<encrypted-password>
with the copied value:SSLImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation" truststoreFile="AO_Home\jvm\lib\security\cacerts" truststorePass="<encrypted-password>"/>
The file should now appear similar to the example below:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLImplementation="com.bmc.ao.catalina.connector.BAOSSLImplementation" truststoreFile="C:\Program Files\BMC Software\CDP\jvm\lib\security\cacerts" truststorePass="b84f2299ca25a8040b2d022b56716490"/>
- Save the server.xml file.
- Restart the TrueSight Orchestration services.
Comments
Log in or register to comment.