Page tree

Skip to end of metadata
Go to start of metadata


Complete the following procedures to create a signed certificate for the Atrium Single Sign-On Server.

BMC Confidential. The following information is intended only for registered users of docs.bmc.com.

Where to go from here

When you finish securing the Atrium Single Sign-On server, you can apply this Atrium Single Sign-On server certificate to other TrueSight Operations Management components, as described in the following procedures:

You can also explore how to implement private certificates in other TrueSight Operations Management components.

11 Comments

  1.  

    1. Hi Charles,

      Have modified the statement that conveys that if there are any existing ASSO certificate aliases delete them.

      Thanks,

      Rashmi

  2.  

    1.  

  3. In Steps 7 and 8

    Do you know why do we need to change filename from keystore-update.p12 to keystore-update.ks without any reason? Is this typo?


    • To verify that tomcat alias is created, list the keystore file by running the following command:
      Verify the alias entry by listing the keystore file

      keytool -list -keystore keystore-update.ks -storepass changeit -storetype JKS




    1. Hi Mahesh,

      Thanks for the observation. I have fixed the typo.

      Thanks,

      Rashmi

  4. There are some errors in the document, I have followed the below link where 

    Johann Groenewald has clear instructions in the comments on how to do that. 


    https://docs.bmc.com/docs/display/public/sso90/Creating+a+new+key+pair

    1. Hi Tumati,

      Thank you for the feedback.

      I checked the instructions provided by Johann on the SSO page. Have corrected the store type as PKCS12.

      Regarding the key pair generation instruction when SSO is in high availability mode, I will check with an SME and update the instruction.

      Thanks,

      Rashmi


  5. A couple of questions:

    Based on these instructions, I am assuming that the Atrium SSO is already configured to look for these specific paths, keystore filename and keystore alias "tomcat".  We have a single keystore that manages several certificates and have to have a specific keyalias defined in the tomcat server.xml to make sure we getting the right on in the keystore.  Managing several certificates in several keystores on multiple servers will become an administrator's nightmare.

    Can you include steps on how to configure the tomcat server.xml file outside of using the defaults?

    1. Hi,

      Thanks for your feedback. I will discuss this with the SME and get back to you.

      Thanks,

      Rashmi

      1. Hi,

        I have created a JIRA - https://jira.bmc.com/browse/DRTSA-504 to track this, and have sent an email. Closing this thread here. 


        Thanks,

        Rashmi