BMC Confidential. The following information is intended only for registered users of docs.bmc.com.
When you finish securing the Atrium Single Sign-On server, you can apply this Atrium Single Sign-On server certificate to other TrueSight Operations Management components, as described in the following procedures:
You can also explore how to implement private certificates in other TrueSight Operations Management components.
11 Comments
Charles Kelley
Rashmi Gokhale
Hi Charles,
Have modified the statement that conveys that if there are any existing ASSO certificate aliases delete them.
Thanks,
Rashmi
Charles Kelley
Rashmi Gokhale
Mahesh Darekar
In Steps 7 and 8
Do you know why do we need to change filename from keystore-update.p12 to keystore-update.ks without any reason? Is this typo?
To verify that tomcat alias is created, list the keystore file by running the following command:
Verify the alias entry by listing the keystore file
keytool -list -keystore keystore-update.ks -storepass changeit -storetype JKS
Rashmi Gokhale
Hi Mahesh,
Thanks for the observation. I have fixed the typo.
Thanks,
Rashmi
Benarjee Tumati
There are some errors in the document, I have followed the below link where
Johann Groenewald has clear instructions in the comments on how to do that.
https://docs.bmc.com/docs/display/public/sso90/Creating+a+new+key+pair
Rashmi Gokhale
Hi Tumati,
Thank you for the feedback.
I checked the instructions provided by Johann on the SSO page. Have corrected the store type as PKCS12.
Regarding the key pair generation instruction when SSO is in high availability mode, I will check with an SME and update the instruction.
Thanks,
Rashmi
David k Hill
A couple of questions:
Based on these instructions, I am assuming that the Atrium SSO is already configured to look for these specific paths, keystore filename and keystore alias "tomcat". We have a single keystore that manages several certificates and have to have a specific keyalias defined in the tomcat server.xml to make sure we getting the right on in the keystore. Managing several certificates in several keystores on multiple servers will become an administrator's nightmare.
Can you include steps on how to configure the tomcat server.xml file outside of using the defaults?
Rashmi Gokhale
Hi,
Thanks for your feedback. I will discuss this with the SME and get back to you.
Thanks,
Rashmi
Rashmi Gokhale
Hi,
I have created a JIRA - https://jira.bmc.com/browse/DRTSA-504 to track this, and have sent an email. Closing this thread here.
Thanks,
Rashmi