Importing TrueSight Network Automation site certificates into Multi-Server Administration

Before you add any TrueSight Network Automation application server as a site into Multi-Server Administration, you need to import that application server's certificate into Multi-Server Administration. To import the certificate into Multi-Server Administration, first you need to export the certificate from the TrueSight Network Automation application server. 

Important

BMC recommends that site certificates should be imported by a user other than the msaadmin user.

Step 1: Export the certificate from the TrueSight Network Automation application server

  1. Log on to the computer where you have installed the TrueSight Network Automation application server.

  2. Navigate to the BCAN_HOME\java\bin (Windows) or BCAN_HOME/java/bin (Linux) directory and run the following command to export the certificate:

    • (Windows) 
      keytool.exe -exportcert -keystore "BCAN_DATA\.keystore" -alias tomcat -file TSNA-Certificate.cer
    • (Linux)
      ./keytool -exportcert -keystore BCAN_DATA/.keystore -alias tomcat -file TSNA-Certificate.cer

    In the above command, TSNA-Certificate.cer indicates the name of file to which the certificate will be exported.

  3. You are prompted for the keystore password. Enter the password that you entered on the Certificate Information panel while installing the TrueSight Network Automation application server.

Step 2: Import the TrueSight Network Automation site certificate into Multi-Server Administration

  1. Log on to the computer where Multi-Server Administration is installed.
  2. Copy the exported TrueSight Network Automation certificate from the application server (step 1) and paste it the MSA_HOME\java\bin (Windows) or MSA_HOME/java/bin (Linux) directory.

  3. Import the certificate into Multi-Server Administration by using the following command:

    • (Windows)

      keytool.exe -importcert -keystore "MSA_HOME\java\lib\security\cacerts" -alias tomcatSite1 -file "MSA_HOME\java\bin\TSNA-Certificate.cer"

    • (Linux) 

      ./keytool -importcert -keystore MSA_HOME/java/lib/security/cacerts -alias tomcatSite1 -file MSA_HOME/java/bin/TSNA-Certificate.cer

    In the above command, tomcatSite1 indicates the certificate alias name.

    Important

    Import each application server's certificate with a unique alias name. If you import the certificate with the same name as an existing one, the existing certificate is overwritten.

  4. When prompted for the password, enter the default Java trust store password. 
  5. Restart the TrueSight Network Automation – Multi-Server Administration Web Server service.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*