Enabling TLS server certificate validation for ETLs

TLS server certificate validation is disabled by default for following ETLs:

BMC-TrueSight-Operations-Management-10-7-11-0-11-3-extractor
BMC-TrueSight-Operations-Management-10-7-11-0-11-3-Generic-extractor
BMC-Discovery-11-x-Extractor
OpenStack-OpenStack-API-Extractor-Service
VMware-vCenter-Extractor-Service
VMware-vCenter-and-ESX-Server-History-Extractor

To enable server certificate validation for these ETLs, perform the following steps:

Create customenv.sh file in the /opt/bmc/BCO folder on the remote ETL engine server.
Ensure that the customenv.sh file is created using the cpit user.
Add the following commands in the customenv.sh file:
SSL_STRICT_CERTIFICATE_VALIDATION=true
export SSL_STRICT_CERTIFICATE_VALIDATION
Import the server certificates into the ETL's truststore located at /opt/bmc/BCO/jre/lib/security/cacerts
Restart the Remote ETL Engine.
Rerun the ETLs.

If you are upgrading the Remote ETL Engine, take a backup of the cacerts file /opt/bmc/BCO/jre/lib/security/cacerts and restore it back after the upgrade is complete. If not, you need to reimport the server certificates into the ETL's truststore after the upgrade.

Enabling TLS server certificate validation for ETLs

On this page