Out of support


This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Generating self-signed certificates

BMC Atrium Single Sign-On is installed with a self-signed certificate: an identity certificate that is signed by the same entity whose identity it certifies.

A self-signed certificate is used in the following instances:

  • By the initial keystore created during installation of BMC Atrium Single Sign-On
  • For configuring Secure Sockets Layer (SSL) connection between the agent and the BMC Atrium Single Sign-On server

To create a new self-signed certificate

Run the following command:

  • For Microsoft Windows:

    keytool -export -alias tomcat -keystore %CATALINA_HOME%\conf\keystore.p12 -file %CATALINA_HOME%\conf\mykey.cer -storetype pkcs12 -storepass keystore_password -providername JsafeJCE


    C:\Users\>keytool -export -alias tomcat -keystore keystore.p12 -file mykey.cer -storetype pkcs12 -storepass keystore_password -providername JsafeJCE
    Certificate stored in file <mykey.cer>
  • For UNIX:

    keytool -export -alias tomcat -keystore $CATALINA_HOME/conf/keystore.p12 -file $CATALINA_HOME/conf/mykey.cer -storetype pkcs12 -storepass keystore_password -providername JsafeJCE

After you create a self-signed certificate, browsers and other programs issue warnings to users about an insecure certificate each time the user authenticates. You can prevent the certificate warning by permanently importing the self-signed certificate into the user's truststore. For more information, see Importing a certificate into cacerts.p12.

Was this page helpful? Yes No Submitting... Thank you