By default, TEA Agents use pregenerated, self-signed certificates for authentication with App Visibility Manager. You can use your own custom certificates.
You can update certificates before installing your TEA Agents, or you can update certificates on TEA Agents that are already installed.
- To update certificates before installing TEA Agents, follow the instructions in To create the custom certificate folder in the TEA Agent installer.
- To update certificates for previously installed TEA Agents, follow the instructions in To replace security files on previously installed TEA Agents.
This topic contains the following sections:
Note
This topic does not include Changing security certificates in App Visibility components. This topic only describes the procedures for changing security certificates on TEA Agents.
Before you begin
- Install and Configure App Visibility components.
- Prepare the following files:
- keystoreFileName.jks, where keystoreFileName is your custom keystore file name
- truststoreFileName.jks, where truststoreFileName is your custom truststore file name
To create the custom certificate folder in the TEA Agent installer
This procedure creates the ..\Disk1\files\security\custom folder. The custom certificate is then included in your TEA Agent installation. The files are also used by the installer and the other utilities on the TEA Agent for communicating with App Visibility components.
- From the ...\Disk1\utility\ReplaceCertificateTool folder of your TEA Agent installer files, right-click the ReplaceCertificateTool batch file and select Run as administrator.
- Enter 1 to select Create Certificate folder with the encrypted passphrase.
Enter the required parameters:
Parameter
Description
Enter the keystore file name (full path):
Enter the full path and file name of your keystore. The keystore must be in .jks format. Enter the truststore file name (full path): Enter the full path and file name of your truststore. The truststore must be in .jks format. Enter the keystore passphrase: Enter the passphrase for the keystore. The certificate replacement utility encrypts the passphrase. Do not encrypt it before entering it here. The keystore passphrase must match the key passphrase in the keystore. The certificate replacement utility:
Creates the ..\Disk1\files\security\custom folder
Creates .pem files for the TEA Agent
Encrypts the keystore passphrase
Creates the cert.properties file with the new .jks files, .pem files, and encrypted keystore passphrase
Puts the .pem files, .jks files, and cert.properties file in the custom folder
(Recommended) Perform the procedure in To test the connection to your App Visibility portal.
Note
To install additional TEA Agents with the same custom certificates, copy the entire ..\Disk1\files\security\custom folder to the same location in the installer you are using to install the additional TEA Agents.
If you are installing additional TEA Agents using the same installer, no action is necessary. All installations from the same installer will use the custom certificates.
To test the connection to your App Visibility portal
Perform the following test to check the connection to your App Visibility portal using the certificates in the ..\Disk1\files\security\custom folder:
- From the ...\Disk1\utility\ReplaceCertificateTool folder of your TEA Agent installer files, right-click the ReplaceCertificateTool batch file and select Run as administrator.
- Enter 2 to select Test connection to App Visibility.
Enter the required parameters or press Enter to accept the default values:
Parameter
Description
Enter App Visibility host name/IP:
Enter the host name or IP address of the computer where your App Visibility portal is installed.
Enter App Visibility port number (default 8100):
Enter the port number that your App Visibility portal uses, or press Enter to accept the default value.
Default: 8100
The certificate replacement tests the connection with the App Visibility portal.
To replace security files on previously installed TEA Agents
- If you have not created the custom certificate folder, perform the steps in To create the custom certificate folder in the TEA Agent installer.
- From the ...\Disk1\utility\ReplaceCertificateTool folder of your TEA Agent installer files, right-click the ReplaceCertificateTool batch file and select Run as administrator.
- Enter 3 to select Apply custom certificate to TEA Agent.
Enter the required parameter or press Enter to accept the default values:
Parameter
Description
Enter TEA Agent working folder location (press enter for default):
Enter the full path to your TEA Agent working folder, or press Enter to accept the default value.
Default: C:\Program Files (x86)\BMC Software\BMCTEAAgent\TEAAgent\WorkingFolder
The certificate replacement utility:
Stops the TEA Agent service
Copies the .pem files and .jks files from the ..\Disk1\files\security\custom folder to your TEA Agent working folder
Restarts the TEA Agent service
Note
To deploy your certificates to additional TEA Agents that are connected to the same App Visibility portal:
- Back up the contents of the ..\Conf\Cert folder of the additional TEA Agents.
- Stop the TEA Agent service.
- Copy the entire ..\Conf\Cert folder from a TEA Agent where you have run the utility to the additional TEA Agents.
- Restart the TEA Agent service.
To encrypt a keystore passphrase
Use this procedure to encrypt your TEA Agent passphrase if you want to build a cert.properties file manually.
- From the ...\Disk1\utility\ReplaceCertificateTool folder of your TEA Agent installer files, right-click the ReplaceCertificateTool batch file and select Run as administrator.
- Enter 4 to select Keystore passphrase encryption only.
Enter the required parameter:
Parameter
Description
Enter a passphrase you want to encrypt:
Enter a passphrase.
The certificate replacement tool displays the encrypted passphrase. Copy the passphrase and paste it where you need it.
Related topics
Starting and stopping services
Changing security certificates in App Visibility components
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks