Out of support

 

This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Adding and removing a CA certificate

Adding another certificate is necessary when one or more of the following conditions exist:

  • Common Access Card (CAC) authentication is used.
  • The Department of Defense (DoD) issues new CA certificates.
  • You are using SSL with LDAP for authentication.

By default, the BMC Atrium Single Sign-On truststore already contains the current certificates for CAC.

Adding a CA certificate

To add another CA certificate, see Importing a certificate into cacerts.p12

Note

Replacing the self-signed certificate on the BMC Atrium Single Sign-On server invalidates the certificates that are already accepted by users. In addition, you must install the new certificate into the truststore of all integrated BMC applications.

Removing a CA certificate

Before you remove a certificate, identify the alias of the certificate by listing the contents of stores. 

To list the contents of stores

  1. To list the contents of the truststore, use the following command:

    keytool -v -list -keystore -cacerts.p12 -storepass changeit -providername JsafeJCE
  2. To  list the contents of the keystore, use the following command:

    keytool -v -list -keystore keystore.p12 -storepass internal4bmc -providername JsafeJCE

To remove an existing certificate

  1. To remove an existing certificate (identified by myAlias in this example) from the truststore, use the following command:

    keytool -delete -alias myAlias -keystore cacerts.p12 -storepass changeit -providername JsafeJCE

     

  2. To remove a certificate from the keystore, use the following command:

    keytool -delete -alias myAlias -keystore keystore.p12 -storepass internal4bmc -providername JsafeJCE

Where to go from here

Generating and importing CA certificates

Was this page helpful? Yes No Submitting... Thank you

Comments