• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    BMC TrueSight IT Data Analytics 1.0

    Page tree

    This topic provides instructions for enabling security for all actions that you perform using the product interface or the CLI.

    Before you begin

    • Ensure that you have generated a KeyStore in the JKS format. For more information, see Generating a KeyStore and TrustStore.

    • Ensure that you have generated a self-signed certificate.

    To enable security for the Console Server

    1. Locate the server.xml file at one of the following locations:

      • Windows: %BMC_ITDA_HOME%\tomcat\conf

      • Linux: $BMC_ITDA_HOME/tomcat/conf

    2. In the server.xml file, perform the following steps and save the changes.

      1. Locate and uncomment the following line:

        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
maxThreads="150" scheme="https" secure="true" clientAuth="false" 
sslProtocol="TLS" />
      2. Replace the port 8443 with 9443.

      3. Add the keystoreFile="keystoreFilePath" keystorePass="keystorePassword" property with the appropriate values, depending on the KeyStore that you generated earlier (see the following example).

         

        <Connector port="9443" protocol="HTTP/1.1"
SSLEnabled="true" keystoreFile="keystore_file_path"
keystorePass="changeit"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

    3. Locate the olaengineCustomConfig.properties file and searchserviceCustomConfig.properties at the following location:

      • Windows: %BMC_ITDA_HOME%\custom\conf\server

      • Linux: $BMC_ITDA_HOME/custom/conf/server

    4. In the olaengineCustomConfig.properties file, add the following properties:

      • consoleserver.protocol=https

      • consoleserver.port=9443

      • searchservice.port=9443

    5. In the searchserviceCustomConfig.properties file, add the following properties:

      • consoleserver.protocol=https

      • searchservice.port=9443

    6. Import the self-signed certificate into the Console Server's Java Runtime Environment (JRE) by using the following command:

      keytool -import -trustcacerts -alias <HostName-or-IP> -keystore $BMC_ITDA_HOME/jre/lib/security/cacerts -file <Certificate-Path>
      In this command, the following variables apply:
      • <HostName-or-IP> refers to the host name or IP address of the computer on which the Console Server is located.
      • <Certificate-Path> refers to the absolute path to the self-signed certificate of the Console Server.
    7. Re-start the Console Server. For more information, see Starting or stopping product services.
    8. Log on to the product in a supported browser.
    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.