Importing SSL certificates

To communicate with TrueSight over an SSL channel, you must import valid SSL certificates.

You can import certificates into TrueSight Infrastructure Management manually by performing a set of steps or by running the pw certificate import command.


The ability to run the pw certificate import command is available only from version 11.3.02 of TrueSight Infrastructure Management.

To import the certificates via CLI

See  Creating and importing certificates in TrueSight Infrastructure Management.

To import the certificates manually

  1. From a browser, download the required certificates from the BMC Remedy IT Service Management (BMC Remedy ITSM) environment and save them to a local disk in a file (for example, Test.cer).
  2. Ensure that you export the chain of certificates in a sequence - you must first import the parent and then the child certificate.
  3. On the BMC TrueSight server, go to the command prompt and change the directory to BMC_ProactiveNet_HOME\jre\bin.
  4. Run the following command:
    keytool -import -keystore cacerts -file Test.cer
  5. Additionally, import these certificates to the TrueSight keystore, using the following command:
    keytool -import –keystore BMC_ProactiveNet_HOME\pronto\conf\pnserver.ks -file Test.cer
  6. Restart the BMC TrueSight server.

Was this page helpful? Yes No Submitting... Thank you


  1. Charles Kelley

    There is no need to download the certificate from a browser.  The keytool command has the ability to grab the certificate off the host:port that you specify.

    To get the certificate imported into both keystores, you can simply run:

    cd to <BPPM SERVER HOME>\pw\jre\bin

    keytool -printcert -sslserver MIDTIERHONAME:MIDTIERPORT -rfc | keytool -importcert -keystore ..\..\pronto\conf\pnserver.ks -storepass get2net -noprompt -alias remedymidtier

    keytool -printcert -sslserver MIDTIERHOSTNAME:MIDTIERPORT -rfc | keytool -importcert -keystore ..\lib\security\cacerts -storepass changeit -noprompt -alias remedymidtier

    Change the MIDTIERHOST and MIDTIERPORT above to the correct values, and for BSR purposes, the alias can be set as you choose (no specific alias required/referred to, if you leave off the -alias parameter, it will default to 'mykey').

    As per the instructions above, restart BPPM/Truesight afterwards

    Jul 21, 2017 03:42
  2. Charles Kelley

    On the above command, for the path to the keystore, be sure to use OS appropriate slashes in the path (i.e forward slashes for Linux).  Otherwise, you may inadvertently create a new keystore file in the current directory, such as ..libsecuritycacerts) instead of importing into the correct keystore.

    Sep 25, 2017 03:14
  3. Charles Kelley

    For the above command, if on Linux, you may need to be sure to have the command run keytool in the /usr/pw/jre/bin directory.  The /usr/bin/keytool command will likely not have the -sslserver parameter capability.

    Mar 14, 2018 10:12
  4. Roland Pocek

    great hint charles, many thanks

    Oct 29, 2018 09:46