Unsupported content

 

This version of the product is no longer supported. However, the documentation is available for your convenience.

Appliance certificates

Communication within BMC Discovery is secured using TLS, and authenticated using certificates.

In the Appliance Certificates section, you can get an overview of the certificates trusted by the system, manage the certificates for this appliance, and view the certificates for the appliances and proxies this appliance communicates with.

In the Known Certificates section, you can see the details of all the certificates registered with the appliance (Windows proxies, consolidated appliances, and so on). 

  • After an upgrade from BMC Discovery versions earlier than 10.1, you are alerted to replace the legacy key and certificate by generating new ones.
  • For an appliance that is part of a consolidation setup, when you generate a new key and certificate, the appliance immediately exchanges keys and certificates with the other members of the consolidation setup. This happens only once, immediately after the first time the legacy key and certificate are replaced with the new ones.
  • Windows proxies must re-register with the appliance after the appliance generates new keys and certificates.
  • For new installations of BMC Discovery v10.1 and later, a unique set of keys is generated automatically.

Navigating to the Appliance Certificates page

To navigate to the Appliance Certificates:

  1. From the main menu, click the Administration icon.
    The Administration page opens.
  2. In the Security section, click Appliance Certificates.

Viewing the appliance key/appliance certificate

To view the appliance key or appliance certificate, click the Show details link next to the Appliance Key or Appliance Certificate fingerprint.

This example shows the Appliance Key details:

Generating a new key and certificate

If you believe that an appliance key has been compromised, or you want to disable all existing communication with an appliance, you can generate a new key and certificate.

Notes

Unless you are switching from the legacy keys to unique ones after an upgrade, generating a new key and certificate will break all existing communication links to other components until the links are re-established manually.

To generate a new key and certificate:

  1. On the Appliance Certificates page, click Install new certificate and key.
  2. When prompted, confirm the action by clicking Yes.
  3. The offline update page is displayed while the system generates the keys and restarts.
  4. Once the system has restarted, the appliance is using the new keys. Any Windows proxies that the system was using must now re-register. See Managing known appliances for information on how to do this.

Installing legacy key and certificate

To integrate a newly installed appliance into a system with earlier-version proxies or appliances, you can install the legacy key and certificate.

Note

Switching to the legacy key and certificate will break any existing communication that was configured using the unique key and certificate. You must re-establish the links manually.

To roll back to the legacy key used in BMC Discovery version 10.0 and earlier, install the legacy key and certificate:

  1. On the Appliance Certificates page, click Install legacy certificate and key.
  2. When prompted, confirm the action by clicking Yes.

Viewing portable CA certificate

On the Appliance Certificates page, click Show portable CA Certificate.

The CA Certificate dialog displays the CA certificate in a portable format (PEM) that might be used to manually transfer the certificate to the appliance.
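When a PEM certificate is transferred manually, the receiving side can check that the file matches the fingerprint shown on the Appliance Certificates page before trusting it. The following is an added example, not code from BMC Discovery. It assumes the displayed fingerprint is a SHA-1 or SHA-256 hash of the DER-encoded certificate (the page does not state the algorithm), and the function names and sample data are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Assumption: the page does not say which digest the UI displays, so the hash
# is inferred from the length of the fingerprint the operator copied.
DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def single_cert_der(pem_text):
    """Return the DER bytes of the one CERTIFICATE block in a PEM file."""
    bodies = PEM_BLOCK.findall(pem_text)
    if len(bodies) != 1:
        # A transferred certificate file should hold exactly one certificate.
        raise ValueError(f"expected 1 certificate block, found {len(bodies)}")
    try:
        return base64.b64decode("".join(bodies[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("corrupt base64 in PEM block") from exc


def normalise(fingerprint):
    """Drop colons and spaces and lowercase, so display formats compare equal."""
    hex_only = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", hex_only) or len(hex_only) not in DIGEST_BY_HEX_LEN:
        raise ValueError("not a SHA-1 or SHA-256 hex fingerprint")
    return hex_only


def verify_transferred_cert(pem_text, expected_fingerprint):
    """True if the file's certificate hashes to the fingerprint read from the UI."""
    expected = normalise(expected_fingerprint)
    actual = hashlib.new(DIGEST_BY_HEX_LEN[len(expected)],
                         single_cert_der(pem_text)).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    shown = hashlib.sha256(SAMPLE_DER).hexdigest()  # stands in for the UI value
    print(verify_transferred_cert(SAMPLE_PEM, shown))
```

The expected fingerprint should be read from the source appliance over a separate channel from the one that carried the file, otherwise the check only confirms that the copy was not corrupted.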

Viewing known certificates

To view a list of known certificates:

  1. From the main menu, click the Administration icon.
    The Administration page opens.
  2. In the Security section, click Appliance Certificates.

The information fields for a known certificate are arranged in the following groups:

| Field name | Details |
|---|---|
| Type: Name | Name of the registered certificate; usually consists of the type of the registered item and its name (for example, proxy: AD). |
| Show details/Hide details | Link that expands or collapses the certificate contents. |
| File | Name of the file on disk that stores the certificate (for example, proxy_AD.pem). |
| Fingerprint | Certificate fingerprint. |


Related topics

Secure deployment

Replacing a default Certificate Authority bundle
