Securing your deployment using SSL


To ensure the security of data transfers between clients and servers in your deployment, use Secure Sockets Layer (SSL). This topic describes how to configure TrueSight Network Automation - Data Warehouse for SSL.

The general steps for configuring TrueSight Network Automation - Data Warehouse for SSL are:

  1. Create a certificate signing request (CSR) for the existing keystore.
  2. Send the CSR to a Certification Authority (CA).
  3. Import the CA-provided certificates.

These steps are explained in the following procedure.

Before you begin

  • Back up the installation directory.
  • A certificate can be issued and authenticated only for the Common Name (CN) that was provided during installation. For example, if you provided server1 as the CN during installation, you can use only http://server1 as the URL to access web applications, not http://server1.domain.com. You can use the Fully Qualified Domain Name (FQDN) only if you provided the FQDN as the CN. However, in that case the short name (server1) does not get verified.

Configuring TrueSight Network Automation - Data Warehouse for SSL

  1. From the Windows Services console, stop the TrueSight Network Automation - Data Warehouse Web Server service.
  2. From the command prompt, navigate to the folder where Keytool is present. The default location is <TSNADWInstallationDirectory>\java\bin.
  3. Enter the following command to generate a certificate signing request (CSR):

    keytool -certreq -keyalg RSA -alias tomcat -file C:\certreq.txt -keystore "C:\Program Files\BMC Software\TSNADW\tomcat\conf\dwSslCertificate.cert"
  4. When prompted for keystore password, enter 1emprisa (default keystore password).
    certreq.txt is the output file containing the CSR, which is generated in the C:\ directory.
  5. Send certreq.txt to a CA for signing, or use your own CA and get the CSR signed by this CA.
    The CA returns a signed certificate and a root certificate.
  6. Copy the certificate files received from CA to the <TSNADWInstallationDirectory>\tomcat\conf directory.
  7. From the command prompt, navigate to the <TSNADWInstallationDirectory>\java\bin directory.
  8. Enter the following command to import the root certificate:

    keytool -import -alias root -keystore "C:\Program Files\BMC Software\TSNADW\tomcat\conf\dwSslCertificate.cert" -trustcacerts -file <rootCertificate>
  9. When prompted for keystore password, enter 1emprisa (default keystore password) and then press Enter.
  10. Enter the following command to import the signed certificate:

    Note

    This step is optional if a signed CA certificate is already present on your computer.

    keytool -import -alias tomcat -keystore "C:\Program Files\BMC Software\TSNADW\tomcat\conf\dwSslCertificate.cert" -file <signedCertificate>

  11. When prompted for keystore password, enter 1emprisa (default keystore password) and then press Enter.
  12. Verify that the following message appears on the command line: Certificate reply was installed in keystore.
  13. From the Windows Services console, start the TrueSight Network Automation - Data Warehouse Web Server service.
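
The following script is an added example, not part of the product documentation. It parses the text printed by keytool -list -v -alias tomcat -keystore <keystore> and checks that the CA reply replaced the self-signed certificate on the tomcat key entry and that the certificate CN matches the host name used in the URL, as the CN note under "Before you begin" requires. The sample listing, the host names and the function name check_keystore_entry are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v -alias tomcat -keystore <keystore>` output.
SAMPLE = """\
Alias name: tomcat
Creation date: Jan 5, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=server1, OU=IT, O=Example Corp, C=US
Issuer: CN=Example Issuing CA, O=Example Corp, C=US
Valid from: Fri Jan 05 10:00:00 UTC 2024 until: Sun Jan 04 10:00:00 UTC 2026
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example Corp, C=US
Issuer: CN=Example Issuing CA, O=Example Corp, C=US
"""

def check_keystore_entry(listing, url_host):
    """Return a list of problems found in the keytool listing; empty means OK."""
    problems = []
    entry = re.search(r"^Entry type:\s*(\S+)", listing, re.M)
    if not entry or entry.group(1) != "PrivateKeyEntry":
        # A trustedCertEntry here means the reply was not attached to the
        # private key that produced the CSR.
        problems.append("alias is not a PrivateKeyEntry")
    # The leaf certificate is the first Owner/Issuer pair in the listing.
    owner = re.search(r"^Owner:\s*(.+)$", listing, re.M)
    issuer = re.search(r"^Issuer:\s*(.+)$", listing, re.M)
    if not owner or not issuer:
        return problems + ["no certificate found in listing"]
    if owner.group(1).strip() == issuer.group(1).strip():
        problems.append("leaf certificate is still self-signed")
    chain = re.search(r"^Certificate chain length:\s*(\d+)", listing, re.M)
    if chain and int(chain.group(1)) < 2:
        problems.append("chain has no CA certificate")
    # Exact, case-insensitive CN comparison: short name and FQDN are distinct.
    cn = re.search(r"(?:^|,\s*)CN=([^,]+)", owner.group(1))
    cn_value = cn.group(1).strip() if cn else None
    if cn_value is None or cn_value.lower() != url_host.lower():
        problems.append("CN %r does not match URL host %r" % (cn_value, url_host))
    return problems

if __name__ == "__main__":
    for host in ("server1", "server1.domain.com"):
        print(host, check_keystore_entry(SAMPLE, host) or "OK")
```

To check a real keystore, redirect the keytool listing to a text file and pass its contents as the first argument.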

