Enabling TLS server certificate validation for ETLs
TLS server certificate validation is disabled by default for following ETLs:
- BMC-TrueSight-Operations-Management-10-7-11-0-11-3-extractor
- BMC-TrueSight-Operations-Management-10-7-11-0-11-3-Generic-extractor
- BMC-Discovery-11-x-Extractor
- OpenStack-OpenStack-API-Extractor-Service
- VMware-vCenter-Extractor-Service
- VMware-vCenter-and-ESX-Server-History-Extractor
To enable server certificate validation for these ETLs, perform the following steps:
- Create customenv.sh file in the /opt/bmc/BCO folder on the remote ETL engine server.
Ensure that the customenv.sh file is created using the cpit user. - Add the following commands in the customenv.sh file:
SSL_STRICT_CERTIFICATE_VALIDATION=true
export SSL_STRICT_CERTIFICATE_VALIDATION - Import the server certificates into the ETL's truststore located at /opt/bmc/BCO/jre/lib/security/cacerts
- Restart the Remote ETL Engine.
- Rerun the ETLs.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*