Enabling TLS server certificate validation for ETLs


TLS server certificate validation is disabled by default for the following ETLs:

To enable server certificate validation for these ETLs, perform the following steps:

  1. Create a customenv.sh file in the /opt/bmc/BCO folder on the remote ETL engine server.
    Ensure that you create the customenv.sh file as the cpit user.
  2. Add the following commands to the customenv.sh file:
    SSL_STRICT_CERTIFICATE_VALIDATION=true
    export SSL_STRICT_CERTIFICATE_VALIDATION
  3. Import the server certificates into the ETL's truststore located at /opt/bmc/BCO/jre/lib/security/cacerts.
  4. Restart the Remote ETL Engine.
  5. Rerun the ETLs.

If you are upgrading the Remote ETL Engine, back up the cacerts file /opt/bmc/BCO/jre/lib/security/cacerts before the upgrade and restore it after the upgrade is complete. Otherwise, you need to reimport the server certificates into the ETL's truststore after the upgrade.
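
The following script is an added example, not part of the original procedure or the vendor's tooling; it covers steps 1 to 3 (steps 4 and 5 remain manual) and keeps a timestamped copy of cacerts before changing it. It assumes that keytool is available at /opt/bmc/BCO/jre/bin/keytool and that the truststore still uses the JRE default password "changeit"; the function names, the alias, and the certificate file path are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: keytool lives under
# $BCO_HOME/jre/bin, and the truststore still has the JRE default
# password "changeit" (override with STOREPASS if it was changed).
BCO_HOME="${BCO_HOME:-/opt/bmc/BCO}"
STOREPASS="${STOREPASS:-changeit}"

# Steps 1-2: set and export the variable exactly once in customenv.sh.
enable_strict_validation() {
    envfile="$1/customenv.sh"
    touch "$envfile" || return 1
    # Drop earlier lines for this variable so a stale "=false" cannot win.
    grep -v 'SSL_STRICT_CERTIFICATE_VALIDATION' "$envfile" > "$envfile.tmp" || true
    {
        echo 'SSL_STRICT_CERTIFICATE_VALIDATION=true'
        echo 'export SSL_STRICT_CERTIFICATE_VALIDATION'
    } >> "$envfile.tmp"
    mv "$envfile.tmp" "$envfile"
}

# Step 3: back up cacerts, import one certificate, confirm the alias exists.
import_server_cert() {
    alias_name="$1"; cert_file="$2"
    keytool="$BCO_HOME/jre/bin/keytool"
    store="$BCO_HOME/jre/lib/security/cacerts"
    # Print the fingerprint so it can be compared with the value obtained
    # from the server owner; -noprompt below will not ask for confirmation.
    "$keytool" -printcert -file "$cert_file" || return 1
    cp -p "$store" "$store.bak.$(date +%Y%m%d%H%M%S)" || return 1
    "$keytool" -importcert -noprompt -alias "$alias_name" -file "$cert_file" \
        -keystore "$store" -storepass "$STOREPASS" || return 1
    "$keytool" -list -alias "$alias_name" -keystore "$store" -storepass "$STOREPASS"
}

# Usage: sh thisfile apply <alias> <certificate-file>   (run as cpit)
if [ "${1:-}" = "apply" ]; then
    [ "$(id -un)" = "cpit" ] || echo "warning: not running as cpit" >&2
    enable_strict_validation "$BCO_HOME" && import_server_cert "$2" "$3"
fi
```

Run the import once per server certificate with a distinct alias, then continue with the restart and rerun steps.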
