By default, TEA Agents use pregenerated, self-signed certificates for authentication with App Visibility Manager. You can use your own custom certificates.
You can update certificates before installing your TEA Agents, or you can update certificates on TEA Agents that are already installed.
This topic contains the following sections:
This topic does not include Changing security certificates in App Visibility components. This topic only describes the procedures for changing security certificates on TEA Agents.
This procedure creates the ..\Disk1\files\security\custom folder. The custom certificate is then included in your TEA Agent installation. The files are also used by the installer and the other utilities on the TEA Agent for communicating with App Visibility components.
Enter the required parameters:
Enter the keystore file name (full path) :
|Enter the full path and file name of your keystore in its source folder. The keystore must be in .jks format.|
|Enter the truststore file name (full path) :||Enter the full path and file name of your truststore in its source folder. The truststore must be in .jks format.|
|Enter the keystore passphrase:||Enter the passphrase for the keystore. The certificate replacement utility encrypts the passphrase. Do not encrypt it before entering it here. The keystore passphrase must match the key passphrase in the keystore.|
If your truststore and your keystore use different passwords, the certificate replacement tool displays a message saying JKS convert procedure failed. Exit the utility, check log for more information. If you see this message, change the truststore password to match the keystore password as follows:
Run the keytool from the ..\Disk1\files\jre\bin\keytool.exe folder as follows.
NewPwd indicates the new password for your truststore, which must match the keystore password.
Enter your original truststore password when prompted by the keytool to Enter keystore password.
The certificate replacement utility:
Creates the ..\Disk1\files\security\custom folder
Creates .pem files for the TEA Agent
Encrypts the keystore passphrase
Creates the cert.properties file with the new .jks files, .pem files, and encrypted keystore passphrase
Puts the .pem files, .jks files, and cert.properties file in the custom folder
(Recommended) Perform the procedure in To test the connection to your App Visibility portal.
To install additional TEA Agents with the same custom certificates, copy the entire ..\Disk1\files\security\custom folder to the same location in the installer you are using to install the additional TEA Agents.
If you are installing additional TEA Agents using the same installer, no action is necessary. All installations from the same installer will use the custom certificates.
Perform the following test to check the connection to your App Visibility portal using the certificates in the ..\Disk1\files\security\custom folder:
Enter the required parameters or press Enter to accept the default values:
Enter App Visibility host name/IP:
Enter the host name or IP address of the computer where your App Visibility portal is installed.
Enter App Visibility port number (default 8100):
Enter the port number that your App Visibility portal uses, or press Enter to accept the default value.
The certificate replacement tests the connection with the App Visibility portal.
Enter the required parameter or press Enter to accept the default values:
Enter TEA Agent working folder location (press enter for default):
Enter the full path to your TEA Agent working folder, or press Enter to accept the default value.
Default: C:\Program Files (x86)\BMC Software\BMCTEAAgent\TEAAgent\WorkingFolder
The certificate replacement utility:
Stops the TEA Agent service
Copies the .pem files and .jks files from the ..\Disk1\files\security\custom folder to the WorkingFolder\Conf\cert folder on your TEA Agent
Restarts the TEA Agent service
If you run the TEA Agent as a process, stop the TEA Agent service (which was started automatically by the certificate replacement utility), and restart the TEA Agent process. See Starting and stopping a synthetic TEA Agent as a process for more details.
To deploy your certificates to additional TEA Agents that are connected to the same App Visibility portal:
Use this procedure to encrypt your TEA Agent passphrase if you want to build a cert.properties file manually.
Enter the required parameter:
Enter a passphrase you want to encrypt:
Enter a passphrase.
The certificate replacement tool displays the encrypted passphrase. Copy the passphrase and paste it where you need it.