This documentation relates to the latest released version of BMC Discovery.
See the information on this topic for versions 11.2 or 11.1.

Communication within BMC Discovery is secured using TLS, and authenticated using certificates.

In the Appliance Certificates section, you can get an overview of the certificates trusted by the system, manage the certificates for this appliance, and view the certificates for the appliances and proxies this appliance communicates with.

In the Known Certificates section, you can see the details of all the certificates registered with the appliance (Windows proxies, consolidated appliances, and so on). 

The following topics are provided in this section:


  • After an upgrade from BMC Discovery versions earlier than 10.1, you are alerted to replace the legacy key and certificate by generating a new ones.
  • For an appliance that is a part of a consolidation setup, when you generate a new key and certificates, the appliance immediately exchanges keys and certificates with other members of the consolidation setup. This happens only once, immediately after the first time the legacy key and certificate is replaced with the new ones. 
  • Windows proxies must re-register with the appliance after the appliance generates new keys and certificates.
  • For new installation of BMC Discovery v10.1 and later a unique set of keys is generated automatically.

Navigating to the Appliance Certificates page

To navigate to the Appliance Certificates:

  1. From the main menu, click the Administration icon 
    The Administration page opens.
  2. In the Security section, click Appliance Certificates.

Viewing the appliance key/appliance certificate

To view the appliance key or appliance certificate, click the Show details link next to the Appliance Key or Appliance Certificate fingerprint.

This example shows the Appliance Key details:

Generating a new key and certificate

If you believe that an appliance key has been compromised, or you want to disable all existing communication with an appliance, you can generate a new key and certificate.

Notes

Unless you are switching from the legacy keys to unique ones after an upgrade, generating a new key and certificate will break all existing communication links to other components until the links are re-established manually.

To generate new key and certificate:

  1. On the Appliance Certificates page, click Install new certificate and key.
  2. When prompted, confirm the action by clicking Yes.
  3. The offline update page is displayed while the system generates the keys and restarts.
  4. Once the system has restarted, the appliance is using the new keys. Any Windows proxies that the system was using must now re-register. See Managing known appliances for information on how to do this.

Installing legacy key and certificate

To integrate a newly installed appliance into a system with earlier-version proxies or appliances, you can install the legacy key and certificate.

Note

Switching to the legacy key and certificate will break any existing communication that was configured using the unique key and certificate. You must re-establish the links manually.

To roll back to using the legacy key that is used in BMC Discovery version 10.0 and earlier, install legacy key and certificate:

  1. On the Appliance Certificates page, click Install legacy certificate and key.
  2. When prompted, confirm the action by clicking Yes.

Viewing portable CA certificate

On the Appliance Certificates page, click Show portable CA Certificate.

The CA Certificate dialog displays the CA certificate in a portable format (pem) that might be used to manually transfer the certificate to the appliance.

Viewing known certificates

To view a list of known certificates:

  1. From the main menu, click the Administration icon.
    The Administration page opens.
  2. In the Security section, click Appliance Certificates.

The information fields for a known certificate are arranged in the following groups:

Field nameDetails
Type: NameName of the registered certificate; usually consists of the type of the registered item and its name (for example, proxy: AD).
Show details/Hide detailsLink that expands or collapses the certificate contents.
FileName of the file on disk that stores the certificate (for example, proxy_AD.pem).
FingerprintCertificate fingerprint.


Related topics

Secure deployment

Replacing a default Certificate Authority bundle

Was this page helpful? Yes No Submitting... Thank you
  • No labels
© Copyright 2004 - 2019 BMC Software, Inc.
Legal notices