Appliance certificates

Communication within BMC Atrium Discovery is secured using TLS, and authenticated using certificates.

On the Appliance Certificates section you can get an overview of the certificates trusted by the system, manage the certificates for this appliance, as well as view the certificates for the appliances and proxies this appliance communicates with.

On the Known Certificates section you can see the details of all the certificates registered with the appliance (Windows proxies, consolidated appliances, and so on). 

 

  • After an upgrade from BMC Atrium Discovery versions earlier than 10.1, you are alerted to replace the legacy key and certificate by generating a new ones.
  • For an appliance that is a part of a consolidation setup, when you generate a new key and certificates, the appliance immediately exchanges keys and certificates with other members of the consolidation setup. This happens only once, immediately after the first time the legacy key and certificate is replaced with the new ones. 
  • For new installation of the BMC Atrium Discovery v10.1 a unique set of keys is generated automatically.

Navigating to the Appliance Certificates

To navigate to the Appliance Certificates:

  1. Click on the Administration tab on the top bar.
  2. Click the Appliance Certificates in the Security section. 

Viewing the appliance key/appliance certificate

To view the appliance key or appliance certificate, click Show details link next to the Appliance Key or Appliance Certificate fingerprint.

The following example shows the Appliance Key details:

Generating a new key and certificate

If you believe that an appliance's key has been compromised, or you otherwise wish to disable all existing communication with an appliance, you can generate a new key and certificate.

Notes

Unless switching from the legacy keys to unique ones after an upgrade, generating a new key and certificate will break all existing communication links to other components, until the links are re-established manually.

To generate new key and certificate:

  1. On the Appliance Certificates page, click Install new certificate and key.
  2. When prompted, confirm the action by clicking Yes.

Installing legacy key and certificate

To integrate a newly-installed appliance into a system with earlier-version proxies or appliances, you can install the legacy key and certificate.

Note

Switching to the legacy key and certificate will break any existing communication that was configured using the unique key and certificate. The links should be re-established manually.

To roll back to using the legacy key that is used in BMC Atrium Discovery version 10.0 and earlier, install legacy key and certificate:

  1. On the Appliance Certificates page, click Install legacy certificate and key.
  2. When prompted, confirm the action by clicking Yes.

Viewing portable CA certificate

On the Appliance Certificates page, click Show portable CA Certificate.

The CA Certificate dialog displays the CA certificate in a portable format (pem) that might be used for transferring the certificate to the appliance manually.

Viewing known certificates

To view a list of known certificates:

  1. Click on the Administration tab on the top bar.
  2. Click the Appliance Certificates in the Security section. 

The information fields for a known certificate are arranged in the following groups:

Field nameDetails
Type: NameThe name of the registered certificate, that usually consists of the type of the registered item and its name (for example, proxy: AD).
Show details/Hide detailsThe link that expands/collapses the certificate contents.
FileName of the file on disc that stores the certificate (for example, proxy_AD.pem).
FingerprintThe certificate fingerprint.


Was this page helpful? Yes No Submitting... Thank you

Comments