Implementing private certificates in the Integration Service

BMC Confidential. The following information is intended only for registered users of docs.bmc.com.

Where to go from here

Once you create a signed certificate for the Integration Service, you can go ahead and apply the Integration Service certificate to the following components:

You can also check if you want to create private certificates in other TrueSight Operations Management components. For more information, see Implementing private certificates in TrueSight Operations Management.

Was this page helpful? Yes No Submitting... Thank you

Last modified by Shreya Gurukiran on Jul 08, 2020

task security installation post-installation tsps configuration components certificates

Comments

Alfredo Luna

Hello, I´m afraid that there is a mistake in the Unix path for certutil command.

Sep 26, 2019 04:23
1. Rashmi Gokhale
  
  Hi,
  Sorry for the delay. I have updated the Unix path and published the document.
  
  Oct 24, 2019 02:23
Alfredo Luna

Hello, The link in the section "To apply the Integration Service certificate to the Infrastructure Management server" does not works. Please, change it and put the correct link. I guess that the correct link is: https://docs.bmc.com/docs/TSOperations/113/applying-integration-service-certificate-to-the-truesight-infrastructure-management-843620444.html
Regards, Alfredo.

Sep 27, 2019 06:52
1. Rashmi Gokhale
  
  Hi Alfredo,
  Thanks for your feedback.
  I will address both the comments and update you.
  Thanks,
  Rashmi
  
  Sep 27, 2019 07:08
1. Rashmi Gokhale
  
  Hi,
  I had to update the image to fix some linking issues. The links are listed in the Where to go from here section.
  
  Oct 24, 2019 02:29
Alfredo Luna

Hello, In the section "To prepare for the Integration Service to Infrastructure Management server communication", the steep 1 says: "Log on to the host computer where the TrueSight Integration Service is installed.". Shouldn´t it be the server where TSIM is installed?

Oct 01, 2019 06:42
1. Rashmi Gokhale
  
  Hi,
  The statement intended to address both local and remote integration service.
  Please let me know if you have some inputs to modify this.
  
  Thanks,
  Rashmi
  
  Nov 04, 2019 05:36
Alfredo Luna

Hello, I'm afraid that in the section "To change the PATROL Agent's security level" is necessary to say that, in Lunux Servers, the command "p7_change_security_level" must be executed as root user.
Thank You

Oct 31, 2019 07:01
1. Rashmi Gokhale
  
  Hi,
  I will confirm this with an SME and update the document accordingly. I will keep you posted.
  Thanks,
  Rashmi
  
  Nov 04, 2019 05:32
  1. Rashmi Gokhale
    
    Hi,
    Thanks for your feedback.
    Yes, on the Linux operating system, you must run the command as a root user.
    I have modified the Note to reflect this.
    
    Jun 12, 2020 07:59
Louis Duke

Hello, there appears to be a typo in the "To create the signed certificates for the TrueSight Integration Service" section. An extra line appears with a blank step 7 currently. The instructions that should be executed as step 7 instead appear as step 8.

Nov 21, 2019 03:06
1. Rashmi Gokhale
  
  Hi,
  I have deleted the extra line and published the document.
  Thanks,
  Rashmi
  
  Dec 02, 2019 12:29
Thurlow Caffey

For changing security level on "Integration Service" under Linux for a standard ISN install, it appears that site.plc is incorrect. This file did not even exist on the system right after doing an ISN install. It appears that the correct file is /etc/patrol.d/_opt_bmc_TSIMAgent_pw/security_policy_v3.0/bppmpis.plc because it is the only file in the directory and it has a "security_level" in the [server] section of the file. Please verify and confirm this.

Apr 03, 2020 02:39
1. Rashmi Gokhale
  
  Hi,
  Thanks for the feedback.
  I will clarify with SMEs and update the document.
  Thanks,
  Rashmi
  
  Apr 06, 2020 12:45
  1. Rashmi Gokhale
    
    Hi,
    Thanks for the feedback. I have updated the directory and file name, and have published the topic.
    Thanks,
    Rashmi
    
    Apr 10, 2020 06:41
Thurlow Caffey

In context of "Integration Service Security Level", you should add link to or instructions on how to "unset the TLS mode before changing its security level". Is there a command that tells you what the current security level is?

Apr 06, 2020 11:07
1. Rashmi Gokhale
  Hi,
  We have instructions to unset TLS.
  Rolling back to SSL configuration
  
  Shahezad Mirkar , Can you please respond to the second part of the question?
  "Is there a command that tells you what the current security level is?
  
  Thanks,
  Rashmi
  Apr 07, 2020 08:48
  1. Rashmi Gokhale
    
    Hi,
    As per my discussion with the SME, there is no command to check the current security level. You need to check the registry to know the current security level.
    
    Apr 10, 2020 06:39
Lakshmi Krishnamurthy

Rashmi Gokhale ,

Can you please check and update us can we configure load balancer names at the openssl.cnf file instead of the ISN server hostname and does these functionality had been tested or not.

Thanks & Regards,
Lakshmi.K

Jun 11, 2020 01:03
1. Rashmi Gokhale
  
  Shahezad Mirkar,
  Please provide your inputs for the above query from Lakshmi.
  
  Thanks,
  Rashmi
  
  Jun 11, 2020 01:12
  1. Rashmi Gokhale
    
    Hi,
    I have sent an email to the SME and have copied you in the email.
    Thanks,
    Rashmi
    
    Jul 08, 2020 12:41
Patrick Mischler

Hi, How can I check if the communication is now with TLS? Regards, Patrick

Mar 04, 2021 08:53
1. Rashmi Gokhale
  
  Hi,
  I have created a JIRA issue - https://jira.bmc.com/browse/DRTSA-565 to track this. Closing this thread here.
  Thanks,
  Rashmi
  
  Mar 29, 2021 03:58

Log in or register to comment.

Applying Infrastructure Management server certificate to the TrueSight Intelligence Metric Adapter

Applying Integration Service certificate to the TrueSight Infrastructure Management