Configuring BMC Atrium Orchestrator Development Studio to communicate with a CDP over HTTPS

To run the BMC Atrium Orchestrator Development Studio over HTTPS with a self-signed certificate, configure the Java virtual machine (JVM) to trust the SSL certificate on the CDP host. Export the SSL certificate from the CDP keystore and import it into the trust store that BMC Atrium Orchestrator Development Studio uses.

If the CDP is using a certificate from a certifying authority, you do not need this procedure.

Before you begin

Configure the CDP host to support HTTPS, ensuring the certificate that enables HTTPS has not expired.
By default, the trust store on the machine that hosts Development Studio uses the password changeit. The keystore entry on the CDP host uses the alias tomcat.

Note

If you do not have access to the server where the CDP is installed, you can still export the certificate from your browser. To export the certificate, log on to CDP over HTTPS and save the certificate as X.509 Certificate (PEM). You can perform the steps mentioned in export the certificate file from the keystore on the CDP and import it into the development studio trust store to import it in the BMC Atrium Orchestrator Development Studio trust store.  

To export the certificate file from the keystore on the CDP and import it into the BMC Atrium Orchestrator Development Studio trust store

  1. Log on to the CDP server using the same credentials used for starting the CDP.

    • For Linux and UNIX environments, start a Terminal session and navigate to the AO_HOME/jvm/bin directory on the CDP. Enter the following command:

      keytool -export -alias tomcat -file tomcat.crt -keystore <keystoreLocation/keystoreFile>

    • In a Microsoft Windows environment, from a command prompt on the CDP server, navigate to the AO_HOME\jvm\bin directory and enter the following command:

      keytool -export -alias tomcat -file tomcat.crt -keystore <keystoreLocation\keystoreFile>

  2. When prompted, enter the keystore password.

    Note

    The default password for the keytool utility is changeit. If you change the default password, also change the password listed in the BMC Software/AO/tomcat/conf/server.xml file.

    The following line is displayed, indicating that a certificate file called tomcat.crt has been stored in the directory from which the command was entered.

    Certificate stored in file <tomcat.crt>
  3. Copy the tomcat.crt certificate file to the *%DEVSTUDIO_HOME%/jre/lib/security* directory on the BMC Atrium Orchestrator Development Studio workstation.
  4. Using an account with administrative privileges, log on to the Development Studio.
  5. Open a command prompt and navigate to the %DEVSTUDIO_HOME%/jre/lib/security directory.

  6. Enter the following command:

    ..\..\bin\keytool.exe -import -trustcacerts -alias _\[alias\]_ -file tomcat.crt -keystore cacerts

  7. When prompted, enter the keystore password.

    The system returns the certificate details. The details will vary, but the information will look similar to the following example:

    Owner: CN=BMC Customer, OU=RealOps, O=BMC DCA, L=Herndon, ST=VA, C=US
    Issuer: CN=BMC Customer, OU=RealOps, O=BMC DCA, L=Herndon, ST=VA, C=US
    Serial number: 46bb6dd8
    Valid from: Thu Aug 09 15:41:12 EDT 2007 until: Mon Dec 25 14:41:12 EST 2034
    Certificate fingerprints:
             MD5: 06:0E:D2:82:68:01:6B:3F:84:70:D4:63:68:B2:CE:89
    SHA1: CF:F0:94:41:CE:5C:AD:7F:97:52:01:C2:A8:6F:E5:ED:5B:79:32:5B

  8. When prompted with Trust this certificate? \[conbaosys:no\], type yes and press Enter.

    The statement Certificate was added to keystore is displayed, confirming that you can start BMC Atrium Orchestrator Development Studio over HTTPS for the CDP host.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*