• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    BMC TrueSight IT Data Analytics 2.7

    Page tree

    Use the information in this topic to create a KeyStore, create a custom self-signed certificate, and import the certificate.

    Note

    The security protocol used for encryption and decryption of communication between the Collection Station and the Collection Agent is Transport Layer Security (TLS).

    Related topics

    Security planning

    Configuring a secured connection

    Creating a KeyStore in JKS format

    To create a KeySTore in the JKS format, you need to run the following keytool command.

    Command syntax

    keytool -keystore <jksFileName> -genkey -alias <aliasName> -validity <numberOfDays> -keyalg <encryptionType>

    Example

    keytool -keystore bmcitda.jks -genkey -alias bmcitda -validity 365  -keyalg RSA

    In the preceding command, the following definitions apply:

    • <jksFileName> refers to the name of the KeyStore file (.jks format).
    • <aliasName>refers to the alias that you want to use while generating the KeyStore. 
    • <numberOfDays>refers to the number of days for which the KeyStore must remain valid.
    • <encryptionType>refers to encryption type that you want to use while generating the KeyStore.

    Recommendation

    BMC recommends that you create a separate directory in the following location and copy the KeyStore to that directory.

    • Windows: %BMC_ITDA_HOME%
    • Linux: $BMC_ITDA_HOME

    After you create the KeyStore, you need to perform the following additional steps:

    • (Optional) Create a custom self-signed certificate. You can also use the default self-signed certificate bundled with the IT Data Analytics product.
      For more information, see Creating a custom self-signed certificate.
    • Import the certificate into the appropriate Java Runtime Environment (JRE) location.

    Creating a custom self-signed certificate

    To create a custom self-signed certificate, you need to run the following keytool command.

    Command syntax

    keytool -export -alias <aliasName> -file <name> -keystore <keystoreFileName>

    Example

    keytool -export -alias bmcitda -file bmcitda.cer -keystore bmcitda

    In the preceding command, the following definitions apply:

    • <aliasName>refers to the alias used while generating the KeyStore.
    • <name> refers to the name with which the certificate file must be created.
    • <keystoreFileName> refers to the KeyStore file name (generated in the JKS format).

    Importing a certificate

    To import a self-signed certificate (default or custom) into a JRE location, you need to run the following command. The JRE location might differ based on the channel for which you are trying to configure security. For more information, see Configuring a secured connection.

    Command syntax

    keytool -importcert -keystore <jreLocation> -file <certificateFileName> -alias <aliasName> -storepass <password>

    Example

    keytool -importcert -keystore ../../jre/lib/security/cacerts -file ../../tomcat/conf/bmcitda.cer -alias bmcitda -storepass changeit

    In the preceding command, the following definitions apply:

    • <jreLocation> refers to location where you need to import the certificate. 
      The JRE location might differ based on the channel for which you are trying to configure security. For more information, see Configuring a secured connection.
    • <certificateFileName> refers to name of the certificate file that you want to import. Optionally, you can also include the location path with the file name.
    • <aliasName> refers to the alias used while generating the KeyStore.
    • <password> refers to the KeyStore password (default: changeit).
    © Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.