This documentation supports the 19.11 version of BMC CMDB, which is available only to BMC Helix subscribers (SaaS).

SSL TLS transport-level security

Apache Tomcat 6 is configured to be ready for both HTTP and HTTPS connections for one-way SSL authentication. BMC Atrium Core Web Services does not support two-way SSL authentication. The HTTPS connector for BMC Atrium Core Web Services uses the TLS scheme (TLSv1) rather than SSL/SSLv3.

If you install into an existing Tomcat 6 instance that already has SSL enabled, that SSL configuration is used. If either a new Tomcat 6 instance is installed or your existing Tomcat 6 instance did not have SSL enabled, the installer adds the HTTPS connector and configures it to use the following key and keystore:

Keystore details

| Keystore | Description |
|---|---|
| Filename | <BMCAtriumCoreInstallationDirectory>/wsc/atriumws90/keystores/bmcatriumwsserverssl.jks |
| Type | Java KeyStore (JKS) |
| Password | atrium |
| Key alias | bmcatriumwsserverssl |
| Key password | atrium |

Because this is only configured for one-way SSL, the server does not authenticate the certificates of any connecting clients. However, the client must authenticate the public certificate that the server uses in its SSL configuration. If the default key pair in Truststore details is used, the client adds the following public certificate to its truststore for SSL: <BMCAtriumCoreInstallationDirectory>/wsc/atriumws90/keystores/bmcatriuwscacertsssl.jks

BMC Atrium Core Web Services also includes a truststore that contains all the public certificates of commonly accepted Certificate Authorities as well as the default public certificate used in configuration. The following table describes this truststore.


Public certificate details

| Keystore | Description |
|---|---|
| Filename | <BMCAtriumCoreInstallationDirectory>/wsc/atriumws90/keystores/bmcatriuwscacertsssl.jks |
| Type | Java KeyStore (JKS) |
| Password | atrium |

Important

Replace the default truststore and key with one that meets your company's requirements.

You can configure the Atrium Web Service Archive to accept both HTTP and HTTPS connections, exposing the web services on both endpoints, or you can restrict to one or the other. The default instance restricts access to HTTPS because the default behavior has no cryptographic WS-Security policies applied.
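The following is an added example, not part of the BMC documentation: a Python check that parses a Tomcat server.xml and reports HTTPS connectors that still use the installer's default keystore file, password, or key alias listed in the keystore table above. The sample server.xml and its /opt/example path are constructed for illustration; SSLEnabled, keystoreFile, keystorePass and keyAlias are standard Tomcat connector attributes.

```python
import xml.etree.ElementTree as ET

# Installer defaults documented on this page (keystore table).
DEFAULTS = {
    "keystoreFile": "bmcatriumwsserverssl.jks",
    "keystorePass": "atrium",
    "keyAlias": "bmcatriumwsserverssl",
}

# Constructed sample for illustration; the /opt/example path is an assumption.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="/opt/example/wsc/atriumws90/keystores/bmcatriumwsserverssl.jks"
               keystorePass="atrium" keyAlias="bmcatriumwsserverssl"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return (port, attribute) pairs for HTTPS connectors left on installer defaults."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no key material to check
        port = conn.get("port", "?")
        for attr, default in DEFAULTS.items():
            value = conn.get(attr, "")
            if attr == "keystoreFile":
                # Compare the file name only; installation directories differ.
                value = value.replace("\\", "/").rsplit("/", 1)[-1]
            if value == default:
                findings.append((port, attr))
    return findings


if __name__ == "__main__":
    for port, attr in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {attr} is still the installer default")
```

An empty result means no HTTPS connector in the file references the default key material; it does not verify the strength of the replacement keystore.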
