Creating a self-signed client-side certificate on the Application Server (Windows)


Use this procedure to create a file called id.pem, which contains the self-signed certificate for the Application Server and the private key associated with the certificate. Then add the passphrase used to encrypt the private key to the securecert file on the Application Server.

To create a self-signed client-side certificate on the Application Server

  1. Log on to a Windows Application Server as Administrator.
  2. Create the following directory: C:\<WINDIR>\rsc\certs\SYSTEM
    Here, <WINDIR> is typically windows.
  3. Run the following command to generate a self-signed Application Server certificate: 
    bl_gen_ssl -appcert 
    You are prompted to provide and confirm a passphrase. This passphrase is used to encrypt the private key in the id.pem file. The id.pem file is created in the C:\<WINDIR>\rsc\certs\SYSTEM directory. 
  4. Update the securecert file to include an encoded copy of the passphrase. To do so, enter the following at the command line:
    secadmin -m default -cu SYSTEM -cp <passPhrase> 
    After issuing this command, the contents of the securecert file are updated to appear similar to the following. The encoded passphrase varies.

    [default]

    SYSTEM=FCUVOMLNGLVRZNOO

    For the installation of the first instance of TrueSight Server Automation, you can find the securecert file in the C:\<WINDIR>\rsc directory. If additional instances of TrueSight Server Automation are installed, you can find securecert in the <installDirectoryN>\NSH\conf\securecert directory. For example, the default location for the second instance of TrueSight Server Automation would be C:\Program Files\BMC Software\BladeLogic2\NSH.
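
The following read-only PowerShell check is an added example, not part of the original documentation or the product's tooling. It confirms the results of steps 3 and 4 without printing the encoded passphrase. It assumes the first-instance layout with <WINDIR> equal to $env:windir and the INI-like securecert format shown above; the function names are hypothetical.

```powershell
# Added example: verify the files produced by steps 3 and 4 (read-only).
# Assumptions: <WINDIR> is $env:windir; securecert uses the [section] / name=value
# layout shown in the page's sample. Function names are hypothetical.

function Test-IdPemText {
    param([string]$Text)
    # id.pem must hold both the certificate and its private key.
    $hasCert = $Text -cmatch '-----BEGIN CERTIFICATE-----'
    $hasKey  = $Text -cmatch '-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----'
    # An encrypted key is either PKCS#8 ("ENCRYPTED PRIVATE KEY") or a
    # traditional PEM key carrying a "Proc-Type: 4,ENCRYPTED" header.
    $encrypted = ($Text -cmatch '-----BEGIN ENCRYPTED PRIVATE KEY-----') -or
                 ($Text -cmatch 'Proc-Type:\s*4,ENCRYPTED')
    [pscustomobject]@{ HasCertificate = $hasCert; HasPrivateKey = $hasKey; KeyEncrypted = $encrypted }
}

function Get-SecureCertEntry {
    param([string[]]$Lines, [string]$Section = 'default', [string]$User = 'SYSTEM')
    $current = $null
    foreach ($line in $Lines) {
        $l = $line.Trim()
        if ($l -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
        if ($current -eq $Section -and $l -match '^([^=]+)=(.*)$' -and $Matches[1].Trim() -eq $User) {
            return $Matches[2].Trim()
        }
    }
    return $null
}

# Parser self-check on a constructed sample that mirrors the page's excerpt.
$sample = '[default]', '', 'SYSTEM=FCUVOMLNGLVRZNOO'
if ((Get-SecureCertEntry $sample) -ne 'FCUVOMLNGLVRZNOO') { throw 'parser self-check failed' }

$rsc     = Join-Path $env:windir 'rsc'
$idPem   = Join-Path $rsc 'certs\SYSTEM\id.pem'
$secCert = Join-Path $rsc 'securecert'

if (Test-Path $idPem) { Test-IdPemText (Get-Content $idPem -Raw) | Format-List }
else { Write-Warning "id.pem not found at $idPem (step 3 not completed?)" }

if (Test-Path $secCert) {
    # Report presence only; the encoded passphrase is never echoed.
    if (Get-SecureCertEntry (Get-Content $secCert)) { 'securecert: SYSTEM entry present under [default]' }
    else { Write-Warning 'securecert has no SYSTEM entry under [default] (step 4 not completed?)' }
} else { Write-Warning "securecert not found at $secCert" }
```

A result with KeyEncrypted set to False means the private key in id.pem is not protected by the passphrase from step 3.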

 
