Appliance certificates
Communication within BMC Discovery is secured using TLS, and authenticated using certificates.
In the Appliance Certificates section, you can get an overview of the certificates trusted by the system, manage the certificates for this appliance, and view the certificates for the appliances and proxies this appliance communicates with.
In the Known Certificates section, you can see the details of all the certificates registered with the appliance (Windows proxies, consolidated appliances, and so on).
Note
- For an appliance that is a part of a consolidation setup, when you generate a new key and certificates, the appliance immediately exchanges keys and certificates with other members of the consolidation setup. This happens only once, immediately after the first time the legacy key and certificate is replaced with the new ones.
- Windows proxies must re-register with the appliance after the appliance generates new keys and certificates.
- For new installations of BMC Discovery, a unique set of keys is generated automatically.
Navigating to the Appliance Certificates page
To navigate to the Appliance Certificates:
- From the main menu, click the Administration icon.
The Administration page opens. - In the Security section, click Appliance Certificates.
Viewing the appliance key/appliance certificate
To view the appliance key or appliance certificate, click the Show details link next to the Appliance Key or Appliance Certificate fingerprint.
This example shows the Appliance Key details:
Generating a new key and certificate
If you believe that an appliance key has been compromised, or you want to disable all existing communication with an appliance, you can generate a new key and certificate.
Note
To generate new key and certificate:
- On the Appliance Certificates page, click Install new certificate and key.
- When prompted, confirm the action by clicking Yes.
- The offline update page is displayed while the system generates the keys and restarts.
- Once the system has restarted, the appliance is using the new keys. Any Windows proxies that the system was using must now re-register. For more information, see Managing known appliances.
Viewing portable CA certificate
On the Appliance Certificates page, click Show portable CA Certificate.
The CA Certificate dialog displays the CA certificate in a portable format (pem) that might be used to manually transfer the certificate to the appliance.
Viewing known certificates
To view a list of known certificates:
- From the main menu, click the Administration icon.
The Administration page opens. - In the Security section, click Appliance Certificates.
The information fields for a known certificate are arranged in the following groups:
| Field name | Details |
|---|---|
| Type: Name | Name of the registered certificate; usually consists of the type of the registered item and its name (for example, proxy: AD). |
| Show details/Hide details | Link that expands or collapses the certificate contents. |
| File | Name of the file on disk that stores the certificate (for example, proxy_AD.pem). |
| Fingerprint | Certificate fingerprint. |
Comments
Log in or register to comment.