Implementing private certificates in TrueSight Smart Reporting - Platform

This topic was edited by a BMC Contributor and has not been approved.  More information.

This topic explains how to implement CA-signed certificates for TrueSight Smart Reporting - Platform.

To create a signed certificate for TrueSight Smart Reporting

  1. Log in to the server where TrueSight Smart Reporting - Platformis installed.
  2. Take a backup of the <TrueSight Smart Reporting Installation Directory>\TrueSightSmartReporting\appserver\conf\tsr.keystore file.
  3. Locate the Java installation used by TrueSight Smart Reporting - Platform and note the path for use in the below commands. The JRE_HOME variable in the  <TrueSight Smart Reporting Installation Directory>\TrueSightSmartReporting\appserver\bin\catalina.[bat|sh] 

  4. Generate a new keystore and key:

    1. Open a command prompt and navigate to a temporary location:
      (Windows) C:\Temp
      (Linux) /tmp

    2. Run the following command:

      <JRE_HOME>\bin\keytool -genkey -alias smartreporting -keyalg RSA -keystore <keystoreFile> -storepass <keystorePassword> -dname "CN=<TSSR FQDN>" -keypass
       <keyPassword> -validity 3650 -keysize 4096 -sigalg SHA256withRSA -storetype jks

      The alias must be smartreporting

      The keystore file name must be tsr.keystore

      The keypass and storepass must be the same

      You must use the current keystore password defined in the <TrueSight Smart Reporting Installation Directory>\TrueSightSmartReporting\appserver\conf\server.xml file when generating a new keystore. If you would like to change the password, then after performing the rest of the steps on this page, refer to .Changing and configuring the keystore password v20.02


      "C:\Program Files\Java\jre-11.0.7_11\bin\keytool" -genkey -alias smartreporting -keyalg RSA -keystore C:\Temp\tsr.keystore -storepass password -dname "" -keypass
       password -validity 3650 -keysize 4096 -sigalg SHA256withRSA -storetype jks


      /usr/local/jre-11.0.7_10/bin/keytool -genkey -alias smartreporting -keyalg RSA -keystore /tmp/tsr.keystore -storepass <keystorePassword> -dname "CN=<TSSR FQDN>" -keypass
       <keystorePassword> -validity 3650 -keysize 4096 -sigalg SHA256withRSA -storetype jks
  5. Create a request for a signed certificate:
    1. Run the following command to create a certificate signing request (CSR):

      <JRE_HOME>\bin\keytool.exe -certreq -alias smartreporting -keystore <keystoreFile> -storepass <keystorePassword> -keypass <keyPassword> -ext san=dns:<TSSR FQDN> -file <CSRFileName>


      "C:\Program Files\Java\jre-11.0.7_11\bin\keytool" -certreq -alias smartreporting -keystore "C:\Temp\tsr.keystore" -storepass password -keypass password -ext file "C:\Temp\tssr.csr"


      /usr/local/jre-11.0.7_10/bin/keytool -certreq -alias smartreporting -keystore /tmp/tsr.keystore -storepass password -keypass password -ext -file /tmp/tssr.csr
  6. Send the CSR to the CA for signing and request the CA to return the signed certificate file in the .p7b format.  The p7b will contain the signed cert and the ca-chain certs.
  7. Import the signed certificate into the keystore . 
    1. Run the following command to import the certificate into the keystore:

      <JRE_HOME>/bin/keytool -importcert -keystore <keystoreFile> -file <cert.p7b> -storepass <keystorePassword> -keypass <keyPassword> -alias smartreporting -storetype jks -trustcacerts


      "C:\Program Files\Java\jre-11.0.7_11\bin\keytool" -importcert -keystore "C:\Temp\tsr.keystore" -file "C:\temp\tssr.p7b" -storepass password -keypass password -alias smartreporting -storetype jks -trustcacerts


      /usr/local/jre-11.0.7_10/bin/keytool -importcert -keystore /tmp/tsr.keystore -file /tmp/tssr.p7b -storepass password -keypass password -alias smartreporting -storetype jks -trustcacerts
  8. Stop the TrueSight Smart Reporting - Platformservice.

  9. (Windows) sc stop TrueSightSmartReporting
    (Linux) <TSSR-P_Installation_directory>/appserver/bin/
  10. Copy the new keystore file from the temporary location to <TSSR-P_Installation_directory>/appserver/conf/tsr.keystore
  11. Copy the new tsr.keystore file to the <TSSR-P_Installation_directory>\utilities\cli directory, overwriting the existing tsr.keystore file.
  12. Start  the TrueSight Smart Reporting - Platform service.
    • (Windowssc start TrueSightSmartReporting
    • (Linux<TSSR-P_Installation_directory>/appserver/bin/

To verify the connection to TrueSight Smart Reporting from the browser

You can verify that the new certificates are successfully applied on TrueSight Smart Reporting - Platform. To do this:

  1. Close all browser instances.
  2. Open the following URL in a new browser instance:
    https://<TrueSight Smart Reporting hostname>:<port>/tsr
  3. Verify that the TrueSight Smart Reporting - Platform URL opens in the https mode and shows the connection as secure.

Was this page helpful? Yes No Submitting... Thank you


  1. Isaac Matta

    In the "To apply the new keystore in TrueSight Smart Reporting" section, we should include below command:

    Windows TSR.bat configurekeystorepassword -d localhost -p 8443 -u tssradmin -w admin12345 -cp password1234 -np password6789 -s Linux ./ configurekeystorepassword -d localhost -p 8443 -u tssradmin -w admin12345 -cp password1234 -np password6789 -s

    Jul 15, 2020 10:50
    1. Mukta Kirloskar

      Hi Isaac,

      I have sent an email to Abhijit Jadhav for this.

      Thank you.

      Jul 16, 2020 09:34
      1. Mukta Kirloskar

        Hi Isaac,

        This step is required if you change the keystore repository password while applying the new keystore. You can keep the same password and change it later. Refer to this topic: Changing and configuring the keystore password

        Therefore, this step is not required to be added here.

        Thank you.

        Oct 28, 2020 02:20