Skip to Content

Configuring SSL for Linux Platform Manager

  1. Download OpenSSL.
     See this website to obtain a tar file for OpenSSL.
  2. Copy the installation package to the location where you want to install OpenSSL, and run the following command to unpack the tar file:
    tar -xf openssl-0.9.8c.tar.gz
  3. Cd to the directory where OpenSSL is installed and create the following directories. All directories should provide read, write, and execute permissions.
    • demoCA
    • demoCA/certs
    • demoCA/crl
    • demoCA/newcerts
    • demoCA/private
  4. Run the following commands to copy files between directories:
    cp apps/demoCA/index.txt demoCA/index.txt
    cp apps/demoCA/serial demoCA/serial

  5. In the /etc/pki/tls/openssl.conf file, edit the CA_default section so it identifies the location of /demo directory. 


    [ CA_default ]
    dir      = <openssl_install_dir>/demoCA       # Where everything is kept

Generating a CA certificate

  1. Cd to the OpenSSL directory. For example: openssl-0.9.8c.
  2. Enter the following command:
    openssl req -new -x509 -days 365 -keyout cakey.pem -out cacert.pem
     The system prompts you for a pass phrase.
  3. Enter a pass phrase. When prompted, repeat the pass phrase to confirm your entry.
  4. When prompted, provide the requested information or enter a dot to leave the field blank. When prompted for a common name, enter the host name or IP address of the Linux Platform Manager host.
     OpenSSL generates a cakey.pem and a cacert.pem file in your current directory.

Generating an SSL certificate request

  1. Cd to the OpenSSL directory. For example: openssl-0.9.8c
  2. Enter the following command:
    openssl req -new -nodes -out req.pem -keyout reqkey.pem
     The system prompts you for a pass phrase.
  3. Enter a pass phrase. When prompted, repeat the pass phrase to confirm your entry.
  4. When prompted for additional information, provide the requested information or enter a dot to leave the field blank. When prompted for a common name, enter the host name or IP address of the Linux Platform Manager host.
     OpenSSL generates a req.pem and a reqkey.pem file in your current directory.

Generating a signed SSL certificate

  1. From your current directory, run the following commands to copy files:
    cp cakey.pem openssl-0.9.8c/apps/demoCA/private/.
    cp cacert.pem openssl-0.9.8c/apps/demoCA/private/.
  2. Enter the following command:
    openssl ca -out cert.pem -infiles req.pem
     The system prompts you for a pass phrase.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Cloud Lifecycle Management 2.1.00