Creating a self-signed client-side certificate on the Application Server (UNIX)


Use this procedure to create a file called id.pem, which contains the self-signed certificate for the Application Server and the private key associated with the certificate. Then, add the passphrase used to encrypt the private key to the securecert file on the Application Server.

TrueSight Server Automation does not load the certificate if group or world permissions are set for the id.pem file or the .bladelogic directory, where the id.pem file is generated.

To create a self-signed client-side certificate on the Application Server

  1. Log in to the UNIX system on the Application Server as root, and enter the following command: 
    su - bladmin 
    You are logged in as the bladmin user.
  2. Enter the following command: 
    /opt/bmc/bladelogic/NSH/bin/bl_gen_ssl 
    After entering the command, you are prompted to provide and then confirm a passphrase. This passphrase is used to encrypt the private key in the id.pem file. The id.pem file is created in the <bladminUserHome>/.bladelogic directory. On UNIX, the Application Server runs as the bladmin user.
  3. Enter exit to revert to the root user.
  4. Update the securecert file (located in the /etc/rsc directory) to contain an encoded copy of the passphrase. To accomplish this, use Network Shell to enter the following: 
    secadmin -m default -cu bladmin -cp <passPhrase> 
    After issuing this command, the contents of the securecert file are updated so they are similar to the following. The encoded passphrase varies.

    [default]
    bladmin=FCUVOMLNGLVRZNOO
  5. Ensure that access is restricted to the id.pem file and the .bladelogic directory by running the following commands:

    chmod 700 /opt/bmc/bladelogic/NSH/br/.bladelogic
    chmod 600 /opt/bmc/bladelogic/NSH/br/.bladelogic/id.pem
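
The following script is an added example, not part of the BMC documentation or product. It checks the rule stated at the top of this topic: neither the .bladelogic directory nor id.pem may carry group or world permissions. The function names are hypothetical, and the directory to check is passed as an argument.

```shell
#!/bin/sh
# Added example (not BMC code): pre-flight check for the permission rule above.
# Pass the .bladelogic directory as $1, for example the path used in step 5.

# Succeeds only when no group or world permission bit is set on the path.
no_group_world() {
    # ls -ld mode string: char 1 = type, 2-4 = owner, 5-7 = group, 8-10 = other
    bits=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$bits" = "------" ]
}

# Returns 0 if both are restricted, 1 if group/world bits are set, 2 if missing.
check_cert_perms() {
    bl_dir=$1
    rc=0
    if [ ! -d "$bl_dir" ]; then
        echo "MISSING directory: $bl_dir"
        return 2
    fi
    if [ ! -f "$bl_dir/id.pem" ]; then
        echo "MISSING file: $bl_dir/id.pem"
        return 2
    fi
    for p in "$bl_dir" "$bl_dir/id.pem"; do
        if no_group_world "$p"; then
            echo "OK    $p"
        else
            echo "FAIL  $p has group or world permissions: $(ls -ld -- "$p" | cut -c1-10)"
            rc=1
        fi
    done
    return "$rc"
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_cert_perms "$1"
fi
```

A non-zero exit status means the chmod commands in step 5 still need to be applied, or the id.pem file has not been generated yet.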


 
