Installing a CA-signed certificate into the embedded web server

When you install TrueSight Capacity Optimization, an Apache web server is automatically installed, and a private key with a self-signed certificate is generated during installation. The web server is a part of the web application component of the Application Server.

To prevent certificate-related warnings while accessing the TrueSight Capacity Optimization from a browser,  you must install a certificate that is signed by a Certification Authority (CA) into the web server. The certificate can be signed by an enterprise CA or a third-party CA.

After you install the CA-signed certificate, a trusted TLS communication is established between the browser and the web server.

Before you begin

Ensure that you have the CA-signed certificates and the private key. These files must be saved to the server directory where all the certificate and key files are available.

  • Save the private key file (*.key) at the following path: $BCO_HOME/3rd_party/apache2/pki/tls/private
  • Save the certificate files (*.cer or crt) at the following path: $BCO_HOME/3rd_party/apache2/pki/tls/certs


If you receive the domain-specific certificate (for example, myserver.crt) and intermediate certificate chain (for example, intermediate.crt) from a CA, concatenate the intermediate.crt  to myserver.crt. For example, use the following command on a Linux system for concatenating certificates:

cat intermediate.crt  >> myserver.crt

For more information about concatenating certificates, see the SSLCertificateFile directive at the  Apache website.

To install the signed certificate

  1. Back up the private key file and the certificate file that you obtained from the CA authority.
  2. Open the ssl.conf file, and check the names of certificate and private key file names. This file is available in the following directory:  $BCO_HOME/3rd_party/apache2/conf
  3. Rename the CA-signed certificate and private key with the same certificate and key file names that are defined in ssl.conf.

  4. Copy the renamed certificate and private key files to the following directory:
    Certificate file: $BCO_HOME/3rd_party/apache2/pki/tls/certs
    Private key file: $BCO_HOME/3rd_party/apache2/pki/tls/private
  5. Log on to the host computer where the Application Server is installed.

  6. Run the following command to restart the Apache web server. 

    ./cpit restart httpd

The new URL to connect to TrueSight Capacity Optimization will be https://<HOSTNAME>/console.

To validate a trusted connection

To verify that a trusted connection is established with the web server, complete the following steps:

  1. Close all browser windows.
  2. Open a new browser window, and type the URL to access the TrueSight Capacity Optimization console.
    If the certificate is correctly applied, the secure symbol is displayed besides the https:// URL as shown in the following image:


    If the browser still shows a warning about an insecure connection, verify that the trusted root certificate from the CA is available in the certificate store or the keystore of your browser.

Was this page helpful? Yes No Submitting... Thank you