This documentation applies to the 8.1 version of Service Request Management, which is in "End of Version Support." You will not be able to leave comments.

To view the latest version, select the version from the Product version menu.

Generating keystore for CTSA adapter

Complete the following steps to prepare for adapter configuration.

To generate the keystore

  1. Run the BRIMParamCollector utility to obtain the OpenServices_param.zip file in the BMC Identity Management Suite.
    For more information about generating the zip file, see the "Create the Open Services parameters zip file" section of the BMC Identity Management Suite Configuration and Administration Guide.
  2. Unzip the generated OpenServices_param.zip file to obtain the idmCertFileName file.
    The OpenServices_param.zip file contains the following files:
    • os_Params.properties parameters file
    • (JBoss application server only) JBoss certificate file, which contains the server SSL public key, which is referred as the idmCertFileName file
    • all_profiles.properties file, which contains all the ESS logon profiles and their respective Open Services Unattended Administrator configured on the BMC Identity Management Suite. (This file is useful when configuring BMC Remedy Identity Management in multitenancy mode.)
  3. Create and export a new key pair and self-signed certificate using the keytool command.
    This procedure enables the user to create a new self-signed certificate and export the same certificate to allow the BMC Identity Management Suite applications to communicate with Identity Request Management.
    1. Create a folder called keystore on the computer where Identity Request Management is installed.
    2. Navigate to the <ARSystemHomeFolder>\irm\adapter\ctsa\8.1.00\keystore folder.
    3. Run the keytool command:
      %JAVA_HOME%\bin\keytool -genkey -alias <yourCertAlias> 
      -keystore <keyStoreName>.keystore -keyalg  <keyAlgorithm> 
      -sigalg MD5withRSA -storepass <yourPassword> -keypass <yourStorePassword> 
      -dname "CN= <fName> <lName>, OU=<orgUnit>, O=<org>, C=<country>"
      
      The parameters are defined as follows:
      • <yourCertAlias> — User's certificate alias name
      • <keyStoreName> — Name of keystore file
      • <keyAlgorithm> — Name of key algorithm (The name of the key algorithm should be RSA.)
      • <yourPassword> — Keystore password
      • <yourStorePassword> — User's password
      • <fName> — User's first name
      • <lName> — User's last name
      • <orgUnit> — User's organizational unit
      • <org> — User's organization or company

        Example

        keytool -genkey -alias irm_client_servername 
        -keystore irm-client.keystore -keyalg RSA 
        -sigalg MD5withRSA - torepass password -keypass password 
        -dname "CN=IRM Client, OU=IdM, O=BMC Software, C=US"
        
    4. (JBoss only) Perform one of the following actions:
      • (Microsoft Windows) Navigate to <ARSystemHomeFolder>\irm\adapter\ctsa\8.1.00\keystore and enter the following command at a command prompt:
        %JAVA_HOME%\bin\keytool -import -alias <idmCertAlias> -file <idmCertFileName> -keypass <yourPassword> -keystore <yourkeystore> -storepass <yourpassword>
      • (UNIX) Navigate to <ARSystemHomeFolder>/adapter/ctsa/8.1.00/keystore and enter the following command at a command prompt:
        $JAVA_HOME/bin/keytool -import -alias <idmCertAlias> -file <idmCertFileName> -keypass <yourPassword> -keystore <yourkeystore> -storepass <yourpassword>

        <idmCertFileName> is the name of the certificate file, and JAVA_HOME is the full path of the Java installation.

        Example

        keytool -import -alias jboss_ssl -file idmcertfile.cer -keypass <password> -keystore irm-client.keystore -storepass <password>

    5. When prompted, select the <idmCertFileName> as the trust certificate.
      keytool -list -keystore  yourKeyStore -storepass yourPassword
      
  4. Import the created certificate file to BMC Identity Management Suite.
    1. Log on to the computer where the BMC Remedy AR System server is installed.
    2. Copy the irmCertFileName certificate file from the <ARSystemHomeFolder>\irm\adapter\ctsa\8.1.00\keystore folder to the computer where the BMC Identity Management Suite is installed.
    3. Log on to the computer where the BMC Identity Management Suite is installed.
      idm_tools keystore_idm -import  irmCertFilePath -alias yourCertAlias
      
    4. When prompted, enter the BMC Identity Management Suite system password.
    5. Restart BMC Identity Management Suite.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Comments