This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Importing a certificate into the keystore


After generating a new certificate and getting it signed by a Certificate Authority (CA), you must import the certificate into the keystore. The certificate must be in one of the following formats:

  • Printable DER format (file extension .pem)
  • Binary DER format (file extensions .cer, .crt, or .der)
  • PKCS#12 format

Note

You can now import the complete chain of certificates and all the intermediate certificates from your CA by using the Certificates tab in the Server Configuration Editor.

You can also delete the self-signed certificate before importing the CA-signed certificate.

To import the certificate

  1. On the BMC Atrium SSO Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.
  2. On the Certificates tab, select KeyStore from the Certificate Store list.
  3. Click Import. The Upload Certificate dialog box is displayed. You can upload the certificate by using one of the following options:
    • PEM Encoded Certificate — Use this option to copy the certificate details.
    • HTTPS URL — Enter the host and port from which to capture a certificate.
    • DER/PEM/PKCS12 Encoded File — To import a key pair, upload the PEM or DER encoded files. To import a chain of certificates, upload the PKCS#12 file. When you select PKCS#12, an additional password field is provided so that you can enter the password for the keystore. This password is used for decrypting the private key of the signed certificate.


  4. Click Upload. After the file is uploaded, the Import Certificate Editor is displayed. This editor displays all the information about the imported certificate. If the certificate that you have imported is a chained certificate, the hierarchy of the certificate chain is displayed in the Import Certificate Editor.
  5. Enter the alias (tomcat) for each certificate or key pair that you are uploading to the KeyStore.
  6. Click OK to close the Import Certificate Editor. You are prompted to confirm whether you want to copy the same certificate in the TrustStore. Based on your confirmation, the certificate is created, and it appears in the list of TrustStore certificates as well.

    Recommendation

    You must choose to copy the certificate while creating a new key pair. You must also copy the same certificate to the TrustStore on other nodes when BMC Atrium Single Sign-On is deployed in HA mode.

    To verify whether the certificate has been imported into the truststore, see Checking the truststore for certificates.

  7. Click Save to close the Server Configuration Editor.
  8. Stop and restart the BMC Atrium Single Sign-On server.
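
A pre-upload check for the file formats accepted in step 3, as an added example that is not part of the BMC documentation: it identifies PEM, binary DER and PKCS#12 from the file's bytes rather than its extension, counts the certificates and private keys in a PEM file, and rejects truncated DER. The function names and the sample bytes are assumptions constructed for this example.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def der_kind(data):
    """Classify a DER blob by its outer SEQUENCE and first inner element."""
    if len(data) < 2 or data[0] != 0x30:      # both formats open with a SEQUENCE
        return "unknown"
    length, offset = data[1], 2
    if length & 0x80:                         # long form: low 7 bits count the length bytes
        n = length & 0x7F                     # n == 0 (BER indefinite length) is not handled
        if n == 0 or n > 4 or len(data) < 2 + n:
            return "unknown"
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    if offset + length != len(data):          # truncated file or trailing bytes
        return "unknown"
    body = data[offset:]
    if body[:3] == b"\x02\x01\x03":           # PKCS#12 PFX: INTEGER version 3 comes first
        return "pkcs12"
    if body[:1] == b"\x30":                   # X.509: tbsCertificate SEQUENCE comes first
        return "der-certificate"
    return "unknown"

def inspect_upload(data):
    """Return (format, certificate count, private key count) for a candidate file."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return (der_kind(data), None, None)   # binary file: counts need a full parser
    certs = keys = 0
    for label, b64 in blocks:
        if label == b"CERTIFICATE":
            try:
                decoded = base64.b64decode(b64)
            except binascii.Error:
                return ("unknown", None, None)
            if der_kind(decoded) != "der-certificate":
                return ("unknown", None, None)
            certs += 1
        elif label.endswith(b"PRIVATE KEY"):
            keys += 1
    return ("pem", certs, keys)

# Constructed stand-ins with the right outer structure; not real certificates.
SAMPLE_CERT_DER = bytes.fromhex("30053003020102")
SAMPLE_PFX_DER = bytes.fromhex("30050201033000")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_CERT_DER)
              + b"\n-----END CERTIFICATE-----\n") * 2
```

A PEM result with more than one certificate indicates a chain, and a non-zero private key count indicates that the file carries key material and should be handled accordingly before and after the upload.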

 

 
