Configuring the web service
For the external integration with other products to work, the web service module is required. You need to add those devices to the Web Service Configuration view. Also, for the BMC Client Management integration with other ITSM applications, an SSL certificate issued by a trusted authority is required.
Configuring the device web service for use with the external integrations consists of the following steps:
Adding an SSL certificate
To secure the transactions and encrypt the information passing between the BMC Client Management server and BMC ITSM applications, you must install a Secure Socket Layer (SSL) certificate on the BMC Client Management server. For more information about SSL, see http://en.wikipedia.org/wiki/Secure_Sockets_Layer. You must purchase an SSL certificate from an SSL vendor, such as Go Daddy or Symantec . After purchasing the SSL certificate, you must prepare the certificate by creating a private key and Certificate Signing Request (CSR). When you created the private key and the CSR, you are ready to install the SSL certificate.
This process is divided into the following steps:
Preparing the CSR
When purchasing an SSL certificate, the certification authority will request you to provide a Certificate Signing Request (CSR). A CSR is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private 2048-bit key will also be created at the same time which you should store in a safe place.
To prepare your certificate proceed as follows:
- Click Prepare Certificate Request .
The Prepare Certificate Request appears.
Enter the required information into the following fields:
The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC, for example My Spy Company, Inc..
The division of your organization handling the certificate.
The city where your organization is located.
The state/region where your organization is located. This should not be abbreviated, for example Califiornia.
Select the country in which your organization is located from the dropdown list.
Private Key Password
Enter the password that encodes the private key. This is not mandatory but recommended.
Private Key Password Confirmation
Reenter the password for confirmation.
- Click 1 Save Private Key .
Browse to the location where you want to save the private key.
BMC recommends that you save the private key in the same folder where you saved the SSL certificate.
The private key is now saved in a text file on your computer.
Click 2 Save CSR .
The CSR is saved in a text file on your computer. It is this file that needs to be sent to your certificate provider.
BMC recommends that you save the CSR in the same folder where you saved the SSL certificate and the private key.
- Click Close to close the window.
Your private key and all required information are now saved on your computer. Now you need to send the saved CSR file to your certificate provider who normally will send you the final certificate in an email that should also contain download links to the root and intermediary certificates required for installing the SSL certificate on BMC Client Management .
Be aware that it might take quite a while for you to receive the certificate and can thus continue to install it.
Installing the SSL certificate
After you received the certificate you need to install it in BMC Client Management before it can be used for the external integration:
- Click Install Certificate .
The Install Certificate window appears.
- Enter into the Give a name to your certificate field a unique name for the new SSL certificate.
- To enter the required data into the Root Certificate field click Browse .
An Open window appears.
- Select the file that contains the root certificate.
Click Open .
The content of the selected file is copied to the respective field.
You can also enter the required data into these fields by opening the respective files in a text editor and copying their content into the respective fields. For this you need to copy the content from the
----BEGIN CERTIFICATE---to the
Ensure that you copy
---END CERTIFICATE----too. Some certificate providers might give you the root and intermediate certificates in one file. You can verify if you added the correct certificate after pasting the content and clicking Details . A root authority is self-signed. Therefore, the Issuer and Subject fields must have the same value.
Repeat the preceding steps for the Intermediate Certificates and Final Certificate fields.
The Intermediate Certificates is optional and can remain empty if no Intermediate Certificates exists.
- To display the details of a certificate, for example to verify if the selected certificate is the correct one click Details .
A Certificate Details window appears showing the contents of the certificate in readable format.
Repeat the preceding steps for the Private Key field.
If you are manually copying the private key you need to copy the content from the
----BEGIN RSA PRIVATE KEY---to the
---END RSA PRIVATE KEY----markers, including the markers themselves.
- If a password was defined for the private key in the certificate request preparation you need to enter it here as well. If not password was defined this field can remain empty.
- After all data is filled in the Install Certificates button becomes available. Click it.
A Information window appears, with the result of the certificate installation. This can either be The SSL certificate was successfully installed. or an error message displays detailing the issue causing the error.
The required SSL certificate is now installed and BMC Client Management is ready for integration with BMC Remedyforce.
Adding devices for web services and external integrations
To add a device for use with the external integrations, its web services module must be loaded and configured as follows:
- Click Add Device .
The Enable Web Service Module on Selected Device window appears.
- Select the desired device from one of the available lists and click OK .
The device is now added to the list of web service enabled devices.
- To specifically configure the web service for the device select it in the left window pane.
- Now double-click an entry in the table or click Properties .
The Properties window appears.
Fill the required information into the respective fields:
Web Service Port
Defines the TCP port dedicated to the web services.
Listening Addresses Comma separated list of local addresses (ipv4 and/or ipv6) on which we will listen. By default, addresses are 0.0.0.0,::, which means listen on all IPV4 and IPV6 addresses.
Defines a number of IP addresses from which the agent is to accept incoming Web service requests. Trusted addresses may be entered as single IP addresses or in form of address ranges:Dotted notation, for example, 18.104.22.168 or 2001:db8:85a3::8a2e:370:7334CIDR notation, for example, 22.214.171.124/24 or 2001:db8:85a3::8a2e:370:152/896With the short or complete network name such as scotty or scotty.enterprise.comA mixture of both: 126.96.36.199, 2001:db8:85a3::8a2e:370:152/896, scotty.enterprise.com.Several ranges must be separated by a comma (,).
- Click OK to confirm the web service configuration.