Enabling TLS server certificate validation between the Presentation Server and the Application Server

The Capacity Optimization plugin in the TrueSight Presentation Server communicates with the Application Server component of TrueSight Capacity Optimization. You can use Transport Layer Security (TLS) authentication to secure the connection between the TrueSight Presentation Server and the Application Server, so that the TrueSight Presentation Server sends encrypted data only to the trusted Application Server.

To enable TLS 1.2 with server certificate validation, complete the following steps:

  1. Obtain a signed certificate for the Presentation Server.
  2. Install the Presentation Server certificate into the truststore of the Application Server.
  3. Configure the TrueSight Presentation Server to use TLS.

Before you begin

I. Obtain a signed security certificate for the Presentation Server

Obtain a certificate that is signed by a certificate authority (CA) for the Presentation Server. For information, see Implementing private certificates in the TrueSight Presentation Server.

II. Install the Presentation Server certificate into the truststore of Application Server

The Application Server uses the cotruststore.ts truststore to communicate with other components. This truststore is bundled along with the Server installation and is located in the <Server Installation Directory>/secure directory.

To install the Presentation Server certificate:

  1. Log on to the host computer where the Application Server is installed.

  2. Run the following command to add the directory path to the PATH environment variable. The default installation directory of the Application Server is /opt/bmc/BCO.

    # Linux

    export PATH=<Application Server Installation Directory>/jre/bin:$PATH

  3. Navigate to the directory where the cotruststore.ts truststore file is located.

    <Application Server Installation Directory>/secure

    Note

    Take a backup of the secure folder and save it in a location that is not in the Application Server install path. If you need to reinstall the Application Server in case it stops processing, you can restore this backed-up folder.


  4. Copy the TrueSight Presentation Server certificate to this directory.
  5. Copy the cotruststore.ts truststore file and rename the copy as cotruststore-update.ts.
  6. Run the following command to list all the keys in the cotruststore-update.ts truststore file:

    keytool -list -keystore <Application Server Installation Directory>/secure/cotruststore-update.ts -storepass changeit -storetype JKS

    Note

    changeit is the default password for the cotruststore-update.ts truststore.

  7. Run the following command to delete the existing certificate alias, dummy, if any:

    keytool -delete -alias dummy -keystore <Application Server Installation Directory>/secure/cotruststore-update.ts -storepass changeit

    Parameter description

    dummy: Alias name for the root certificate. If the alias name of the root certificate is different, then use the relevant name in the preceding command.

  8. Run the list command again to verify that the aliases are deleted:

    keytool -list -keystore cotruststore-update.ts -storepass changeit

  9. Run the following command to import the Presentation Server certificate:

    #Import the TrueSight Presentation Server certificate

    keytool -import -alias truesightserver -keystore cotruststore-update.ts -file truesightPS.cer -storetype JKS -storepass changeit

    #When you are prompted with the Trust this certificate question, type Yes

    Parameter description:

    • truesightserver: Name of the Presentation Server alias.
    • truesightPS.cer: Name of the Presentation Server certificate.
    • cotruststore-update.ts: Name of the Application Server truststore.
  10. Navigate to the directory where the cotruststore.ts truststore is located.

    <Application Server Installation Directory>/secure

  11. Rename the cotruststore.ts truststore file as cotruststore.ts.orig.

  12. Copy the cotruststore-update.ts truststore file and rename the copy as cotruststore.ts.

  13. Restart the Application Server.
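
A check that can be run between steps 9 and 11, before the updated truststore replaces cotruststore.ts. This is an added example, not BMC code. It assumes the usual layout of keytool -list output; the function name and the sample listing and fingerprint are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not BMC code): audit `keytool -list` output after the import.
# Real use, from the secure directory on the Application Server:
#   keytool -list -keystore cotruststore-update.ts -storepass changeit -storetype JKS |
#     check_truststore_listing truesightserver dummy "$EXPECTED_FP"
# EXPECTED_FP is the hex fingerprint of truesightPS.cer obtained independently
# (for example from the CA, or from `keytool -printcert -file` on a trusted host).

# check_truststore_listing WANT_ALIAS BANNED_ALIAS EXPECTED_FP  (listing on stdin)
# Returns 0 = ok, 1 = banned alias still present,
#         2 = wanted alias missing or not a trustedCertEntry, 3 = fingerprint mismatch
check_truststore_listing() {
  awk -v want="$1" -v banned="$2" -v expect="$3" '
    function norm(s) { gsub(/[^0-9A-Fa-f]/, "", s); return toupper(s) }
    BEGIN { want = tolower(want); banned = tolower(banned) }
    # Entry lines: "<alias>, <date>, trustedCertEntry," (JKS aliases are lower-cased)
    /Entry,/ {
      cur = tolower(substr($0, 1, index($0, ",") - 1))
      if (cur == banned) has_banned = 1
      if (cur == want && $0 ~ /trustedCertEntry/) has_want = 1
      next
    }
    # The fingerprint line follows the entry line it belongs to
    /^Certificate fingerprint/ && cur == want {
      fp = $0; sub(/^[^:]*: */, "", fp)
      if (norm(fp) == norm(expect)) fp_ok = 1
    }
    END {
      if (has_banned) exit 1
      if (!has_want)  exit 2
      if (!fp_ok)     exit 3
    }'
}

# Constructed sample of keytool -list output (the fingerprint is a made-up value).
SAMPLE_FP="00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
sample_listing() {
  cat <<EOF
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

truesightserver, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): $SAMPLE_FP
EOF
}

if sample_listing | check_truststore_listing truesightserver dummy "$SAMPLE_FP"; then
  echo "truststore listing OK"
fi
```

A non-zero return means the truststore should not be swapped in at steps 11 and 12 until the listing is corrected.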

III. Configure the TrueSight Presentation Server to use TLS

  1. Run the following command to ensure that the TrueSight Presentation Server is running:

    #Microsoft Windows 
    tssh server status

    #Unix 
    ./tssh server status
  2. Copy the cotruststore.ts file to the following directory on the Presentation Server:

    • (Windows) <TrueSight Presentation Server Installation Directory>\truesightpserver\conf\secure
    • (UNIX) <TrueSight Presentation Server Installation Directory>/truesightpserver/conf/secure
  3. Run the following command to add a new property in the Presentation Server:

    #Microsoft Windows 
    tssh properties set tsps.co.conntype tls
    #Unix 
    ./tssh properties set tsps.co.conntype tls
  4. Restart the Presentation Server.

    #Microsoft Windows 
    tssh server stop
    tssh server start
    #Unix 

    ./tssh server stop

    nohup sh tssh server start & 

The TrueSight Presentation Server is configured to communicate with the Application Server by using the TLS 1.2 protocol. 
