Documentation update

   

To provide a better user experience, we have now created a separate documentation space for Helix Vulnerability Management.
Users of Helix Vulnerability Management (includes BMC Helix Automation Console) can find the latest documentation at BMC Helix Vulnerability Management.

Adding a trusted certificate


You can use a certificate issued by a certificate authority (CA) or any trusted source instead of the default self-signed certificate that TrueSight Automation Console provides. This topic describes how to replace the existing SSL certificate with a certificate that you obtained from a trusted source.

To add a trusted certificate

Before adding a trusted certificate to your Automation Console environment, you need to generate a CSR and a private key.  

  1. To generate a private key, run the following command:

    # openssl genrsa -out <private key file name> <2048|4096>
    
    For example: # openssl genrsa -out www.hostname.com.key.pem 2048
    
  2. To create a certificate signing request (CSR), run the following command:

    # openssl req \
          -key <private key file name> \
          -new -sha256 -out <certificate file name>
    
    
    For example: 
    # openssl req \
          -key www.hostname.com.key.pem \
          -new -sha256 -out www.hostname.com.csr.pem
    
    Enter pass phrase for www.hostname.com.key.pem: <password>
    You are about to be asked to enter information that will be incorporated into your certificate request.
    -----
    Country Name (2 letter code) [XX]:US
    State or Province Name []:California
    Locality Name []:San Jose
    Organization Name []:BMC Software
    Organizational Unit Name []:Security and Operations
    Common Name []:www.bmc.com
    Email Address []:notify@bmc.com

    The <filename>.csr.pem file, which contains the CSR, is generated.

  3. Send the CSR file to a CA for signing using one of the following methods. The CA will authenticate the certificate requestor (usually off-line) and will return a certificate or certificate chain, used to replace the existing certificate chain (which initially consists of a self-signed certificate) in the keystore.
    • Have the CSR be signed by a commercial CA. This process usually requires you to post the CSR into a web form, pay for the signing, and await the signed SSL certificate. 
      OR
    • Use your own CA and get the CSR signed by this CA.
  4. If using a commercial CA, download the certificates in a .pem format.
    For example, www.hostname.com.cert.pem file.

  5. If using your private or company specific CA, download the certificates in a .pem format and then do these steps:

    1. Download the public certificate of the root CA and of any intermediary CAs that signed the certificate.
      This is needed because the default Java runtime does not have access to these certificates.

    2. Run the following command to create a certificate chain by concatenating the root, intermediary, and the signed certificate:

      cat <any root certificate> <any intermediate certificate> <downloaded signed certificate> > <www.hostname.com.cert.pem>
  6. On a host where the TrueSight Automation Console application is installed, run the following commands to back up the existing certificate files:

    cp <install_dir>/application/common/certs/tsvmSslCertificate.crt <install_dir>/application/common/certs/tsvmSslCertificate.crt.original
    
    cp <install_dir>/application/common/certs/tsvmSslCertificate.key <install_dir>/application/common/certs/tsvmSslCertificate.key.original
  7. Rename and copy the certificate file that you obtained from the CA and the private key file that you generated to the names specified here:

    • www.hostname.com.cert.pem --> tsvmSslCertificate.crt
    • www.hostname.com.key.pem --> tsvmSslCertificate.key

    cp <trusted ca cert file name> <install_dir>/application/common/certs/tsvmSslCertificate.crt
    Example: cp <www.hostname.com.cert.pem> <install_dir>/application/common/certs/tsvmSslCertificate.crt
    
    cp <trusted ca key file name> <install_dir>/application/common/certs/tsvmSslCertificate.key
    Example: cp <www.hostname.com.key.pem> <install_dir>/application/common/certs/tsvmSslCertificate.key


  8. Restart the application. 

    /opt/bmc/stackmanager restart --deployment application

    You can now log on to TrueSight Automation Console using the trusted certificates. 
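
A pre-deployment check for the procedure above, as an added example that is not part of the BMC documentation: it confirms that the CSR was made from the private key and finds which certificate in the .pem file carries that key, so a mismatched pair is caught before the files are copied and the application is restarted. The function names are hypothetical, and the script assumes the openssl CLI and an unencrypted PEM private key.

```sh
#!/bin/sh
# Added example, not BMC code. Function names are hypothetical.
# Requires the openssl CLI; keys are assumed to be unencrypted PEM files.

# Print the SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_digest() {  # usage: pubkey_digest key|csr|cert <file>
  local pub
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac
  [ -n "$pub" ] || return 1   # unreadable input must never compare as equal
  printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Print the 1-based position of the certificate in a PEM bundle whose public
# key belongs to the private key; return 1 if no certificate matches.
leaf_position() {  # usage: leaf_position <cert-or-chain.pem> <key.pem>
  local want tmp f n=0 pos=
  want=$(pubkey_digest key "$2") || return 1
  tmp=$(mktemp -d) || return 1
  # Split the bundle into one file per certificate (001.pem, 002.pem, ...).
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { i++; out = sprintf("%s/%03d.pem", d, i) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }' "$1"
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || break
    n=$((n + 1))
    if [ "$(pubkey_digest cert "$f")" = "$want" ]; then pos=$n; break; fi
  done
  rm -rf "$tmp"
  [ -n "$pos" ] && echo "$pos"
}

# Run both checks: CSR vs key (before step 3) and chain vs key (before step 6).
preflight() {  # usage: preflight <key.pem> <csr.pem> <cert-or-chain.pem>
  local k c pos
  k=$(pubkey_digest key "$1") || { echo "cannot read key $1" >&2; return 1; }
  c=$(pubkey_digest csr "$2") || { echo "cannot read CSR $2" >&2; return 1; }
  [ "$k" = "$c" ] || { echo "CSR $2 was not made from $1" >&2; return 1; }
  pos=$(leaf_position "$3" "$1") || { echo "no certificate in $3 matches $1" >&2; return 1; }
  echo "OK: $1 matches certificate #$pos in $3"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```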

Where to go next?

Now that you have configured trusted certificates, administrators can start setting up the application for your patch and vulnerability management needs. You can start using the features based on your role and requirements. See Using

