Implementing private certificates in the Remedy Single Sign-On Server
Complete the following procedures to create a signed certificate for the Remedy Single SSO Server.
BMC Confidential. The following information is intended only for registered users of docs.bmc.com.
Where to go from here
When you finish securing the Remedy SSO server, you can apply this Remedy SSO server certificate to other TrueSight Operations Management components, as described in the following procedures:
- Applying Remedy SSO Server private certificate to the TrueSight Presentation Server
- Applying Remedy SSO Server private certificate to the TrueSight IT Data Analytics
You can also explore how to implement private certificates in other TrueSight Operations Management components.
Was this page helpful? Yes No
Submitting...
Thank you
Comments
Hello, the links under the diagram under "To apply the Remedy SSO server certificate to the TrueSight Operations Management components" do not seem to work.
Hi,
Thanks for the feedback.
I will check and update.
Thanks,
Rashmi
Hi,
Thanks for your feedback.
Due to some limitations (with some browsers), we had linking issues in diagrams. I have removed the links from the diagrams.
The links can be referred from the Where to go from here section.
Thanks,
Rashmi
Hi Team ,
We we enter only the server name without the fqdn in subject alternative name then the certificate signing tool ( digicert) gives and error saying please enter full fqdn and try again
If the Remedy SSO Server is operating in high-availability mode, then modify the preceding command as shown below:
keytool -v -certreq -alias rssoserver -keystore loginvault-update.ks -storepass changeit -storetype JKS -dname "CN=,OU=,O=,L=,ST=,C=<2LetterContryCode>" -ext "san=dns:,dns:<primarySSO_server.FQDN>,dns:<secondarySSO_server.FQDN>,dns:,dns:,dns:" -file RSSO.csr
Hi Nikhil,
As per the SME inputs, the following command works fine. In the parameter description Note, server FQDN details are given. Please let me know if you have any additional error conditions.
keytool -v -certreq -alias rssoserver -keystore loginvault-update.ks -storepass changeit -storetype JKS -dname "CN=<loadbalancerFQDN>,OU=<Organizational Unit name>,O=<Organization Name>,L=<City>,ST=<State>,C=<2LetterContryCode>" -ext "san=dns:<loadbalancerFQDN>,dns:<primarySSO_server.FQDN>,dns:<secondarySSO_server.FQDN>,dns:<loadbalancer>,dns:<primarySSO_server>,dns:<secondarySSO_server>" -file RSSO.csr
Thanks,
Rashmi
While performing in High Availability Mode first point is " Shutdown the secondary Remedy SSO Server" and second point is "Access the Remedy SSO Server that is operating as secondary node."
How we can access secondary server If we shutdown the server ? Is this right ?
Hi Satish,
Yes, this is correct. Before copying the primary server certificate to the secondary server, the secondary server is shut down.
Thanks,
Rashmi
OK. What exactly "shut down" means here , Shut down application (stop the services) or shut down the server where the application is hosted ?
Hello Rashmi Gokhale,
Reviewed this Niyati today. Yes, let us change the language to Stop the services in step#2 and Start (not Restart) in step#6.
Hi Hari,
I have fixed it now.
Thanks,
Rashmi
We had to add a step 20b (similar to step 3):
keytool -delete -alias root -keystore loginvault.ks keytool -importcert -trustcacerts -alias root -keystore loginvault-update.ks -storepass changeit -file /tmp/RootCA.cer
Log in or register to comment.