×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

This documentation supports the 20.02 version of Remedy Deployment.
To view an earlier version, select the version from the Product version menu.

Remedy Deployment 20.02 ... Installing Installing the platform components Installing BMC Remedy AR System Postinstallation procedures BMC Remedy AR System server post-installation procedures

Enabling LDAP plug-ins for SSL connections post-installation

This topic explains how to enable LDAP plug-ins for SSL connections in configured networks after a new installation. For information on adding a certificate for SSL communication after a new installation, see Enabling LDAP plug-ins for SSL connections postupgrade

Adding an LDAP certificate to the certificate database

To enable LDAP plug-ins for SSL connections in configured networks after a new installation, you must add a LDAP certificate to the certificate database for SSL communication. LDAPJ plug-ins support SSL communication to the LDAP server. When you configure LDAP plug-ins that use SSL connections, you specify the path and file name of the Java keystore that contains the certificate. LDAPJ then uses the Java KeyStore (JKS) type to store the certificates. 

Note

Pre-8.1 releases use the NSS based keystore. For more information, see  Enabling LDAP plug-ins to establish SSL connections with LDAP servers Open link in BMC Remedy AR System documentation.

To add a certificate for SSL communication after a new installation

    1. Download a digital certificate from the LDAP server.
      For more information, see the documentation for your LDAP server. For example, see the vendor's documentation on how to download a certificate for an Active Directory server.
    2. Create a keystore.
      To create and maintain the digital certificate data stores, the Java installation provides an out-of-the-box utility called keytool.

    3. Import the downloaded certificate into the keystore by using the following command:

      keytool -import -noprompt -trustcacerts -keystore <keystorePath> -storepass <password> -alias <aliasName> -file <certificatePath>

      Where:
      -trustcacerts — Stores the certificate as a trusted certificate in the keystore
      -keystore — The full path of the keystore file (for example C:\certdb\ldaptruststore.jks)

      Note

      If the keystore does not already exist, the command creates a new keystore.

      -storepass — Stores the password. Keystore password must contain at least 6 characters.
      -alias — The alias, or nickname, of the certificate

      -file — The file path of the digital certificate (for example C:\ldapCert\cert6b.rfc)

      For example, the command to import the downloaded certificate might look as follows:

      keytool -import -noprompt -trustcacerts -keystore C:\certdb\ldaptruststore.jks -storepass bmcAdmin -alias bmcAlias -file C:\ldapCert\cert6b.rfc

    4. List any available certificates in the keystore by using the following command:

      keytool -list -keystore C:\certdb\ldaptruststore.jks -storepass bmcAdmin

      Where:
      -list — Lists the available certificates in the store

      For example, using this command can result in the following:
      Keystore type: JKS
      Keystore provider: SUN
      Your keystore contains 1 entry
      cerqa6b, Aug 2, 2012, trustedCertEntry,
      Certificate fingerprint (MD5): 64:01:F3:E6:DD:A0:33:CA:E2:4A:92:50:10:51:59:70

    5. Configure the full path and file name of the certificate keystore in the Certificate Database field in the AREA LDAP Configuration and ARDBC LDAP Configuration forms. 

      Certificate Database field in the AREA LDAP Configuration form
       
      This configures the keystore in these forms.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Himanshu Raul on Dec 19, 2019
installation post-installation ldap platform remedy_ar_system

Comments

Log in or register to comment.

Flashboards postinstallation procedures
Updating configuration after changing from IPv4 to IPv6
© Copyright 1991-2021 BMC Software, Inc. © Copyright 1991-2021 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.