Implementing private certificates in the Integration Service
BMC Confidential. The following information is intended only for registered users of docs.bmc.com.
Where to go from here
Once you create a signed certificate for the Integration Service, you can go ahead and apply the Integration Service certificate to the following components:
- Applying Integration Service certificate to the TrueSight Infrastructure Management
- Applying Integration Service certificate to the PATROL Agent
You can also check if you want to create private certificates in other TrueSight Operations Management components. For more information, see Implementing private certificates in TrueSight Operations Management.
Was this page helpful? Yes No
Submitting...
Thank you
Comments
Hello, I´m afraid that there is a mistake in the Unix path for certutil command.
Hi,
Sorry for the delay. I have updated the Unix path and published the document.
Hello, The link in the section "To apply the Integration Service certificate to the Infrastructure Management server" does not works. Please, change it and put the correct link. I guess that the correct link is: https://docs.bmc.com/docs/TSOperations/113/applying-integration-service-certificate-to-the-truesight-infrastructure-management-843620444.html
Regards, Alfredo.
Hi Alfredo,
Thanks for your feedback.
I will address both the comments and update you.
Thanks,
Rashmi
Hi,
I had to update the image to fix some linking issues. The links are listed in the Where to go from here section.
Hello, In the section "To prepare for the Integration Service to Infrastructure Management server communication", the steep 1 says: "Log on to the host computer where the TrueSight Integration Service is installed.". Shouldn´t it be the server where TSIM is installed?
Hi,
The statement intended to address both local and remote integration service.
Please let me know if you have some inputs to modify this.
Thanks,
Rashmi
Hello, I'm afraid that in the section "To change the PATROL Agent's security level" is necessary to say that, in Lunux Servers, the command "p7_change_security_level" must be executed as root user.
Thank You
Hi,
I will confirm this with an SME and update the document accordingly. I will keep you posted.
Thanks,
Rashmi
Hi,
Thanks for your feedback.
Yes, on the Linux operating system, you must run the command as a root user.
I have modified the Note to reflect this.
Hello, there appears to be a typo in the "To create the signed certificates for the TrueSight Integration Service" section. An extra line appears with a blank step 7 currently. The instructions that should be executed as step 7 instead appear as step 8.
Hi,
I have deleted the extra line and published the document.
Thanks,
Rashmi
For changing security level on "Integration Service" under Linux for a standard ISN install, it appears that site.plc is incorrect. This file did not even exist on the system right after doing an ISN install. It appears that the correct file is /etc/patrol.d/_opt_bmc_TSIMAgent_pw/security_policy_v3.0/bppmpis.plc because it is the only file in the directory and it has a "security_level" in the [server] section of the file. Please verify and confirm this.
Hi,
Thanks for the feedback.
I will clarify with SMEs and update the document.
Thanks,
Rashmi
Hi,
Thanks for the feedback. I have updated the directory and file name, and have published the topic.
Thanks,
Rashmi
In context of "Integration Service Security Level", you should add link to or instructions on how to "unset the TLS mode before changing its security level". Is there a command that tells you what the current security level is?
Hi,
Rolling back to SSL configuration
"Is there a command that tells you what the current security level is?
Thanks,
Rashmi
Hi,
As per my discussion with the SME, there is no command to check the current security level. You need to check the registry to know the current security level.
Rashmi Gokhale ,
Can you please check and update us can we configure load balancer names at the openssl.cnf file instead of the ISN server hostname and does these functionality had been tested or not.
Thanks & Regards,
Lakshmi.K
Shahezad Mirkar,
Please provide your inputs for the above query from Lakshmi.
Thanks,
Rashmi
Hi,
I have sent an email to the SME and have copied you in the email.
Thanks,
Rashmi
Hi, How can I check if the communication is now with TLS? Regards, Patrick
Hi,
I have created a JIRA issue - https://jira.bmc.com/browse/DRTSA-565 to track this. Closing this thread here.
Thanks,
Rashmi
Log in or register to comment.