Importing SSL certificates

For web service calls to Remedy ITSM over SSL, you must import the valid Midtier server certificate.

You can import certificates into TrueSight Infrastructure Management manually by performing a set of steps or by running the pw certificate import command.

Note

The ability to run the pw certificate import command is available only from version 11.3.02 of TrueSight Infrastructure Management.


To import the certificates via CLI

See Creating and importing certificates in TrueSight Infrastructure Management.

To import the certificates manually

  1. From a browser, download the required certificates from the Remedy IT Service Management (Remedy ITSM) environment and save them to a local disk in a file (for example, Test.cer).
  2. Ensure that you export the chain of certificates in sequence: you must first import the parent and then the child certificate.
  3. On the BMC TrueSight server, go to the command prompt and change the directory to BMC_ProactiveNet_HOME\jre\bin.
  4. Run the following command:
    keytool -import -keystore cacerts -file Test.cer
  5. Additionally, import these certificates to the TrueSight keystore, using the following command:
    keytool -import -keystore BMC_ProactiveNet_HOME\pronto\conf\pnserver.ks -file Test.cer
  6. Restart the BMC TrueSight server.



Comments

  1. Charles Kelley

    There is no need to download the certificate from a browser.  The keytool command has the ability to grab the certificate off the host:port that you specify.

    To get the certificate imported into both keystores, you can simply run:

    cd to <BPPM SERVER HOME>\pw\jre\bin

    keytool -printcert -sslserver MIDTIERHOSTNAME:MIDTIERPORT -rfc | keytool -importcert -keystore ..\..\pronto\conf\pnserver.ks -storepass get2net -noprompt -alias remedymidtier

    keytool -printcert -sslserver MIDTIERHOSTNAME:MIDTIERPORT -rfc | keytool -importcert -keystore ..\lib\security\cacerts -storepass changeit -noprompt -alias remedymidtier


    Change the MIDTIERHOSTNAME and MIDTIERPORT above to the correct values. For BSR purposes, the alias can be set as you choose (no specific alias is required or referred to; if you leave off the -alias parameter, it will default to 'mykey').

    As per the instructions above, restart BPPM/Truesight afterwards

    Jul 21, 2017 03:42
  2. Charles Kelley

    On the above command, for the path to the keystore, be sure to use OS-appropriate slashes in the path (i.e., forward slashes for Linux). Otherwise, you may inadvertently create a new keystore file in the current directory (such as ..libsecuritycacerts) instead of importing into the correct keystore.

    Sep 25, 2017 03:14
  3. Charles Kelley

    For the above command, if on Linux, you may need to be sure to have the command run keytool in the /usr/pw/jre/bin directory.  The /usr/bin/keytool command will likely not have the -sslserver parameter capability.

    Mar 14, 2018 10:12
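
The keytool pipeline in the comments above imports whatever certificate the host presents, and a mistyped keystore path makes keytool create a new keystore instead of updating the real one. As an added example (not BMC's code or the commenter's), this Bash wrapper checks the keystore path, pins the server certificate to a SHA-256 fingerprint obtained out of band, and only then imports it; the function names and the `KEYTOOL` variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not BMC code. KEYTOOL default is the bundled-JRE path named in the comments.
KEYTOOL="${KEYTOOL:-/usr/pw/jre/bin/keytool}"

# Refuse keystore paths that would make keytool silently create a new keystore.
check_keystore_path() {
    case "$1" in
        *\\*) echo "backslash in keystore path: $1" >&2; return 2 ;;
    esac
    [ -f "$1" ] || { echo "keystore not found: $1" >&2; return 3; }
}

# Keep only the first PEM block (the server's own certificate) from stdin.
first_pem() {
    sed -n -e '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' -e '/-----END CERTIFICATE-----/q'
}

# Canonical form for comparing fingerprints: no colons or whitespace, upper case.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Usage: pinned_import HOST:PORT KEYSTORE ALIAS EXPECTED_SHA256
# EXPECTED_SHA256 must come from the Mid Tier administrator, not from the network.
pinned_import() {
    local target="$1" ks="$2" alias="$3" expected="$4" pem actual
    check_keystore_path "$ks" || return $?
    pem="$(mktemp)" || return 1
    "$KEYTOOL" -printcert -sslserver "$target" -rfc | first_pem > "$pem"
    actual="$("$KEYTOOL" -printcert -file "$pem" | sed -n 's/.*SHA256: *//p' | head -n 1)"
    if [ -z "$actual" ] || [ "$(normalize_fp "$actual")" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch for $target: got '$actual'" >&2
        rm -f "$pem"; return 4
    fi
    # No -storepass: keytool prompts, keeping the password out of the process list.
    "$KEYTOOL" -importcert -keystore "$ks" -file "$pem" -alias "$alias" -noprompt
    local rc=$?
    rm -f "$pem"; return "$rc"
}
```

Run `pinned_import` once per keystore (pnserver.ks and cacerts), then restart the server as the page describes.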
  4. Roland Pocek

    Great hint, Charles, many thanks.

    Oct 29, 2018 09:46
  5. Sabari Yadavilli

    Great hint, @Charles Kelley, and it worked for me. After these steps the SDIG service started, but I am facing an issue in the validation tests of Incident creation and Outage creation; at those two steps I get the error below in the event integrator logs:

    INFO 28 Aug 2019 18:36:491888406 [Thread-1,EVENT_INFO_POLLER] org.apache.axis2.transport.http.HTTPSender Unable to sendViaPost to url[https://:/arsys/services/ARService?server=sxv01itsmarap1p&webService=HPD_IncidentOutboundEvent]

    org.apache.axis2.AxisFault: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    INFO 28 Aug 2019 18:36:491888408 [Thread-1,EVENT_INFO_POLLER] com.bmc.sas.ei.receiver.ar.stub.ITSMIncidentInfoClient *** There is no record found for given timestamp for poller *** Missing Resource Bundle

    INFO 28 Aug 2019 18:36:491888408 [Thread-1,EVENT_INFO_POLLER] com.bmc.sas.ei.receiver.ar.stub.ITSMIncidentInfoClient 1318 Missing Resource Bundle

    INFO 28 Aug 2019 18:36:491888408 [Thread-1,EVENT_INFO_POLLER] com.bmc.sas.ei.receiver.ar.ARReceiver 1321 Missing Resource Bundle

    INFO 28 Aug 2019 18:36:491888408 [Thread-1,EVENT_INFO_POLLER] com.bmc.sas.ei.framework.tm.EventInfoPoller -------Polling thread for eventinfo request Completed------- Missing Resource Bundle

    Can you please help me to resolve this issue?

    Regards Sabari Yadavilli...

    Aug 28, 2019 11:50
    1. Olha Horbachuk

      Sabari Yadavilli, IDD can mainly help with documentation. For log-related cases, please contact BMC Support.

      Feb 03, 2020 03:07
      1. Sabari Yadavilli

        Olha Horbachuk, this has been resolved. No worries, just to catch Charles posted here.

        Feb 03, 2020 03:11
  6. Roland Pocek

    If using TrueSight with TLS 1.2 configured, you have to edit the IBRSD.dir file to have the cell use *TLS instead of mc.

    Oct 30, 2020 06:29
    1. Ravee Panjwani

      Thanks for your comment, Roland Pocek

      We have mentioned the following on the Installing BMC Service Resolution for TrueSight Infrastructure Management or ProactiveNet topic: 

      If Transport Layer Security (TLS) is enabled on an Infrastructure Management cell, in the <installation_home>\integrations\ibrsd\conf\ibrsd.dir file, make the following change:

      Change:

      cell pncell_<TSIM_HOSTNAME> mc  <TSIM_HOSTNAME>:1828

      To:

      cell pncell_<TSIM_HOSTNAME> *TLS  <TSIM_HOSTNAME>:1828

      Please let me know if you think any additional changes are required.

      Thanks,
      Ravee

      Nov 02, 2020 06:57