×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

This documentation supports the 19.08 version of Remedy and applies only to the on-premises deployment model.

To view an earlier version, select the version from the Product version menu.


Remedy Deployment 19.08 ... Upgrading Upgrading the platform Upgrading BMC Remedy AR System

Enabling LDAP plug-ins for SSL connections postupgrade

If you are upgrading from a version prior to 9.0 where you had configured the LDAP plugins, you must enable the LDAP plug-ins for Secure Sockets Layer (SSL) connections after an upgrade. If you are upgrading from version 9.0 or later, you can skip this procedure. For information about adding a certificate for SSL communication after a new installation, see Enabling LDAP plug-ins for SSL connections post-installation

The following steps are applicable for importing any cryptography for communication between the AREA LDAP Plugin and the Active Directory LDAP server regardless of the protocol, such as SSL and TLS. Implementation of a specific type of SSL or TLS depends on the certificate that you import and the operating system level settings that are implemented.

Migrating an LDAP certificate to the certificate database after an upgrade

To enable LDAP plug-ins for SSL connections in configured networks after an upgrade, you must add an LDAP certificate to the certificate database for SSL communication. LDAPJ plug-ins support SSL communication to the LDAP server. When you configure LDAP plug-ins that use SSL connections, you specify the path and file name of the Java keystore that contains the certificate. LDAPJ then uses the Java KeyStore (JKS) type to store the certificates.

Note

 Pre-8.1 releases use the NSS-based keystore. For more information, see Enabling LDAP plug-ins to establish SSL connections with LDAP servers Open link  in the Remedy AR System documentation.

In an upgrade scenario, if your AREA or ARDBC LDAP plug-ins are already configured to use SSL, you must migrate those certificates to the Java-based keystore.

To migrate an existing certificate for SSL communication after an upgrade

  1. To migrate the old certificates to the new Java-based keystore, perform the following steps:
    1. Locate the certificate path in the Certificate Database field in the AREA LDAP Configuration form or the ARDBC LDAP Configuration form.

    2. List all of the certificates from the configured certificate database by using following command:

      certutil -L -d <certificatePath>

      where certificatePath is the parent directory that contains the certificate database.

      For example, using this command provides the following results:
      my_x509_cert CT,P,P
      cert_ibmc_c8s25bs CT,P,P

    3. Select the certificate alias name that you want to use to export to the file.

    4. Export the certificate to a file:

      • To export a certificate database file that exists in the current directory to the my_x509_cert file, type the following command:

        certutil -L -a -n my_x509_cert -d . > C:\ldapCert\my_x509_cert.rfc

      • To export a certificate database file available in any location (which is not the current directory) to the my_x509_cert file, specify the -d parameter with the complete path of the certificate database files, as follows:

        certutil -L -a -n my_x509_cert -d C:\ldapCert > C:\ldapCert\my_x509_cert.rf

      • If the path includes spaces, enclose the path in double quotation marks as follows:

        -d "C:\Ldap Certs"

  2. Import the certificate by using the following command:

    keytool -import -noprompt -trustcacerts -keystore C:\certdb\ldaptruststore.jks -storepass mypassword
-alias my_x509_cert -file my_x509_cert.rfc

    Note

    If the keystore does not already exist, this command creates a new keystore.

  3. Configure the full path and file name of the certificate keystore in the AREA LDAP Configuration form or ARDBC LDAP Configuration form.
  4. Restart the plug-in server to use the updated configuration.

Related topic

Integrating with a directory service Open link

Was this page helpful? Yes No Submitting... Thank you
Last modified by Himanshu Raul on Apr 25, 2024
remedy_it_service_management upgrading developer_studio remedy_ar_system post-upgrade ssl tls

Comments

Log in or register to comment.

Migrating configurations
Upgrading BMC Remedy AR System in silent mode
© Copyright 1991-2021 BMC Software, Inc. © Copyright 1991-2021 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.