This topic provides instructions for enabling security for all actions that you perform using the product interface or the CLI.
Ensure that you have generated a KeyStore in the JKS format. For more information, see Generating a KeyStore and TrustStore.
Ensure that you have generated a self-signed certificate.
Locate the server.xml file at one of the following locations:
Linux: $BMC_ITDA_HOME/tomcat/conf
In the server.xml file, perform the following steps and save the changes.
Locate and uncomment the following line:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
8443
with 9443
.Add the keystoreFile="keystoreFilePath" keystorePass="keystorePassword"
property with the appropriate values, depending on the KeyStore that you generated earlier (see the following example).
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="keystore_file_path" keystorePass="changeit" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Locate the olaengineCustomConfig.properties file and searchserviceCustomConfig.properties at the following location:
Windows: %BMC_ITDA_HOME%\custom\conf\server
In the olaengineCustomConfig.properties file, add the following properties:
consoleserver.protocol=https
consoleserver.port=9443
searchservice.port=9443
In the searchserviceCustomConfig.properties file, add the following properties:
consoleserver.protocol=https
searchservice.port=9443
Import the self-signed certificate into the Console Server's Java Runtime Environment (JRE) by using the following command:
keytool -
import
-trustcacerts -alias <HostName-or-IP> -keystore $BMC_ITDA_HOME/jre/lib/security/cacerts -file <Certificate-Path>
<HostName-or-IP>
refers to the host name or IP address of the computer on which the Console Server is located.<Certificate-Path>
refers to the absolute path to the self-signed certificate of the Console Server.