Enabling TLS server certificate validation for ETLs

TLS server certificate validation is disabled by default for the following ETLs:

To enable server certificate validation for these ETLs, perform the following steps:

  1. Create the customenv.sh file in the /opt/bmc/BCO folder on the remote ETL engine server.
    Ensure that the customenv.sh file is created as the cpit user.
  2. Add the following commands to the customenv.sh file:
    SSL_STRICT_CERTIFICATE_VALIDATION=true
    export SSL_STRICT_CERTIFICATE_VALIDATION
  3. Import the server certificates into the ETL's truststore, located at /opt/bmc/BCO/jre/lib/security/cacerts.
  4. Restart the Remote ETL Engine.
  5. Rerun the ETLs.

If you are upgrading the Remote ETL Engine, back up the cacerts file (/opt/bmc/BCO/jre/lib/security/cacerts) before the upgrade and restore it after the upgrade is complete. Otherwise, you must reimport the server certificates into the ETL's truststore after the upgrade.
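The following script is an added example, not part of the product documentation. It sketches steps 1 to 3 and the truststore backup from the upgrade note as idempotent shell functions. The function names, the keytool location under the bundled JRE, and the stock truststore password `changeit` are assumptions; the alias and certificate file are supplied by you.

```shell
#!/bin/sh
# Added example; run as the cpit user on the Remote ETL Engine host.
BCO_HOME="${BCO_HOME:-/opt/bmc/BCO}"                 # install folder from the steps above
TRUSTSTORE="$BCO_HOME/jre/lib/security/cacerts"
KEYTOOL="${KEYTOOL:-$BCO_HOME/jre/bin/keytool}"      # assumption: keytool ships in the bundled JRE
STOREPASS="${STOREPASS:-changeit}"                   # assumption: stock JRE truststore password

# Steps 1-2: create customenv.sh if needed and add each line exactly once.
ensure_customenv() {
    f="$BCO_HOME/customenv.sh"
    [ "$(id -un)" = "cpit" ] || echo "warning: not running as cpit" >&2
    touch "$f"
    grep -qx 'SSL_STRICT_CERTIFICATE_VALIDATION=true' "$f" ||
        echo 'SSL_STRICT_CERTIFICATE_VALIDATION=true' >> "$f"
    grep -qx 'export SSL_STRICT_CERTIFICATE_VALIDATION' "$f" ||
        echo 'export SSL_STRICT_CERTIFICATE_VALIDATION' >> "$f"
}

# Copy the truststore aside before changing it (also useful before an upgrade).
backup_truststore() {
    bak="$TRUSTSTORE.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$TRUSTSTORE" "$bak" && echo "$bak"
}

# Step 3: import one server or CA certificate file under the given alias.
import_cert() {   # usage: import_cert ALIAS CERT_FILE
    if "$KEYTOOL" -list -keystore "$TRUSTSTORE" -storepass "$STOREPASS" \
            -alias "$1" >/dev/null 2>&1; then
        echo "alias $1 already present, skipping" >&2
        return 0
    fi
    "$KEYTOOL" -importcert -noprompt -alias "$1" -file "$2" \
        -keystore "$TRUSTSTORE" -storepass "$STOREPASS"
}

# Runs only when called with two arguments: ALIAS CERT_FILE
if [ "$#" -eq 2 ]; then
    ensure_customenv
    backup_truststore
    import_cert "$1" "$2"
    echo "Now restart the Remote ETL Engine and rerun the ETLs (steps 4-5)."
fi
```

Because `-noprompt` accepts the certificate without showing it, check the file's fingerprint against the value published by the server owner before importing.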
