Skip to Content

Enabling security for the Console Server

This topic provides instructions for enabling security for all actions that you perform using the product interface or the CLI.

Before you begin

  • Ensure that you have generated a KeyStore in the JKS format. For more information, see Generating-a-KeyStore-and-TrustStore.
  • Ensure that you have generated a self-signed certificate.

To enable security for the Console Server

  1. Locate the server.xml file at one of the following locations:
    • Windows: %BMC_ITDA_HOME%\tomcat\conf
    • Linux: $BMC_ITDA_HOME/tomcat/conf
  2. In the server.xml file, perform the following steps and save the changes.

    1. Locate and uncomment the following line:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true" clientAuth="false"
      sslProtocol="TLS" /> 
    2. Replace the port 8443 with 9443.

    3. Add the keystoreFile="keystoreFilePath" keystorePass="keystorePassword" property with the appropriate values, depending on the KeyStore that you generated earlier (see the following example).

       

      <Connector port="9443" protocol="HTTP/1.1"
      SSLEnabled="true" keystoreFile="keystore_file_path"
      keystorePass="changeit"
      maxThreads="150" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS" /> 
  3. Locate the olaengineCustomConfig.properties file and searchserviceCustomConfig.properties at the following location:
    • Windows: %BMC_ITDA_HOME%\custom\conf\server
    • Linux: $BMC_ITDA_HOME/custom/conf/server
  4. In the olaengineCustomConfig.properties file, add the following properties:
    • consoleserver.protocol=https
    • consoleserver.port=9443
    • searchservice.port=9443
  5. In the searchserviceCustomConfig.properties file, add the following properties:
    • consoleserver.protocol=https
    • searchservice.port=9443

  6. Import the self-signed certificate into the Console Server's Java Runtime Environment (JRE) by using the following command:

    keytool -import -trustcacerts -alias <HostName-or-IP> -keystore $BMC_ITDA_HOME/jre/lib/security/cacerts -file <Certificate-Path>
    In this command, the following variables apply:

    • <HostName-or-IP> refers to the host name or IP address of the computer on which the Console Server is located.
    • <Certificate-Path> refers to the absolute path to the self-signed certificate of the Console Server.
  7. Re-start the Console Server. For more information, see Starting-or-stopping-product-services.
  8. Log on to the product in a supported browser.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC TrueSight IT Data Analytics 1.0