×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.
BMC Server Automation 8.3 ... Configuring after installation Administering security Using certificates to secure communication between clients and Application Servers

Generating a self-signed certificate for an Application Server

Performing this procedure generates a 2048-bit RSA key and a self-signed certificate for an Application Server. The certificate is valid for three years, and it is stored under the "blade" alias.

To generate a self-signed certificate for an Application Server

  1. From <installDirectory>/bin, enter the following command:
    blmkcert CN= <hostname> <jksFileName> <password>
    The command shown above has the following parameters:
    • <hostname> — Typically set to the host name where you are generating the certificate.
    • <jksFileName> — The full path to the keystore file that you are generating. This file should be stored in the /deployments directory for the Application Server that is being updated, such as <installDirectory>/br/deployments.
    • <password> — A password used to encrypt the generated keystore file.

    For example, if you are generating a self-signed certificate on a Windows server called winappserver1, you might enter a command similar to the following:
    blmkcert CN=winappserver1 "C:\Program Files\BMC Software\BladeLogic\NSH\br\deployments\bladelogic.keystore" ********

    Note

    If you are replacing an existing certificate, typically after the existing certificate has expired, this command overwrites the existing bladelogic.keystore file on the Application Server.

  2. If you are replacing an existing certificate, typically after the existing certificate has expired, perform the following additional steps:
    1. Stop the Application Server.

    2. Run the following commands if the file name or password are different from those used when the Application Server was installed:

      blasadmin -a set appserver certstore bladelogic.keystore
blasadmin -a set appserver certpasswd <keystorePassword>
    3. Remove the existing certificate at each of the RCP clients that are associated with the Application Server.
    4. Start the Application Server.
    5. The first time that you connect to each of these RCP clients, you are informed that a new certificate has arrived from the Application Server. Accept the new certificate.
  3. If you are using a multi-Application Server environment, copy the JKS file you generated in step 1 from this Application Server to all cooperating Application Servers. If a new password is needed, update the password for each cooperating Application Server. For information about this process, see Synchronizing keystore files of multiple Application Servers.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Yechezkel Schatz on Feb 01, 2016
certificate security application_server client

Comments

Log in or register to comment.

Using certificates to secure communication between clients and Application Servers
Securing communication with CA certificates
© Copyright 2017 BMC Software, Inc. © Copyright 2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.