Generating self-signed certificates
BMC Atrium Single Sign-On is installed with a self-signed certificate: an identity certificate that is signed by the same entity whose identity it certifies.
A self-signed certificate is used in the following instances:
- By the initial keystore created during installation of BMC Atrium Single Sign-On
- For configuring a Secure Sockets Layer (SSL) connection between the agent and the BMC Atrium Single Sign-On server
To create a new self-signed certificate
Run the following command:
For Microsoft Windows:
keytool -export -alias tomcat -keystore %CATALINA_HOME%\conf\keystore.p12 -file %CATALINA_HOME%\conf\mykey.cer -storetype pkcs12 -storepass keystore_password -providername JsafeJCE
C:\Users\>keytool -export -alias tomcat -keystore keystore.p12 -file mykey.cer -storetype pkcs12 -storepass keystore_password -providername JsafeJCE
Certificate stored in file <mykey.cer>
For UNIX or Linux:
keytool -export -alias tomcat -keystore $CATALINA_HOME/conf/keystore.p12 -file $CATALINA_HOME/conf/mykey.cer -storetype pkcs12 -storepass keystore_password -providername JsafeJCE
After you create a self-signed certificate, browsers and other programs issue warnings to users about an insecure certificate each time the user authenticates. You can prevent the certificate warning by permanently importing the self-signed certificate into the user's truststore. For more information, see Importing a certificate into cacerts.p12.
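Before the exported mykey.cer is imported into a truststore, it is worth confirming that the file really is self-signed and recording its SHA-256 fingerprint for comparison with the server's copy. The shell functions below are an added example, not part of the BMC documentation; they assume the openssl command-line tool is installed, and the function names and the sso.example.test sample certificate are hypothetical.

```shell
#!/bin/sh
# Added example: inspect a certificate exported by keytool (DER) or saved as PEM
# before importing it into a truststore. Assumes the openssl CLI is installed.

# Emit the certificate as PEM on stdout, accepting DER or PEM input.
cert_pem() {
  openssl x509 -inform DER -in "$1" 2>/dev/null ||
    openssl x509 -inform PEM -in "$1" 2>/dev/null
}

# Print the subject or issuer DN ($2 is "subject" or "issuer") in RFC 2253 form.
cert_dn() {
  cert_pem "$1" | openssl x509 -noout "-$2" -nameopt RFC2253 2>/dev/null |
    sed 's/^[^=]*= *//'
}

# Print the SHA-256 fingerprint, the value to compare out of band.
cert_sha256() {
  cert_pem "$1" | openssl x509 -noout -fingerprint -sha256 2>/dev/null |
    sed 's/^[^=]*= *//'
}

# Succeed only if subject == issuer AND the signature verifies with the
# certificate's own public key (-check_ss_sig forces that signature check).
cert_is_self_signed() {
  _pem=$(mktemp) || return 2
  _rc=0
  cert_pem "$1" > "$_pem" &&
    [ "$(cert_dn "$1" subject)" = "$(cert_dn "$1" issuer)" ] &&
    openssl verify -check_ss_sig -CAfile "$_pem" "$_pem" >/dev/null 2>&1 || _rc=1
  rm -f "$_pem"
  return "$_rc"
}

# Constructed sample input: a throwaway self-signed certificate written as DER,
# the encoding keytool -export produces by default. The CN is a placeholder.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sso.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/mykey.cer"
}

# Run against a file given on the command line, for example: sh check.sh mykey.cer
if [ "$#" -ge 1 ]; then
  echo "Subject: $(cert_dn "$1" subject)"
  echo "SHA-256: $(cert_sha256 "$1")"
  cert_is_self_signed "$1" && echo "self-signed: yes" || echo "self-signed: no"
fi
```

Compare the printed fingerprint with the one shown for the tomcat alias by keytool -list -v on the server before adding the certificate to any truststore.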