Configuring BMC Atrium Orchestrator Development Studio to communicate with a CDP over HTTPS

To run the BMC Atrium Orchestrator Development Studio over HTTPS with a self-signed certificate, configure the Java virtual machine (JVM) to trust the SSL certificate on the CDP host. Export the SSL certificate from the CDP keystore and import it into the trust store that BMC Atrium Orchestrator Development Studio uses.

If the CDP is using a certificate from a certifying authority, you do not need this procedure.

Before you begin

Configure the CDP host to support HTTPS, ensuring the certificate that enables HTTPS has not expired.
By default, the trust store on the machine that hosts Development Studio uses the password changeit. The keystore entry on the CDP host uses the alias tomcat.

To export the certificate file from the keystore on the CDP and import it into the BMC Atrium Orchestrator Development Studio trust store

1. Log on to the CDP server using the same credentials used for starting the CDP.

   • For Linux and UNIX environments, start a Terminal session and navigate to the AO_HOME/jvm/bin directory on the CDP. Enter the following command:

     keytool -export -alias tomcat -file tomcat.crt -keystore <keystoreLocation/keystoreFile>

   • In a Microsoft Windows environment, from a command prompt on the CDP server, navigate to the AO_HOME\jvm\bin directory and enter the following command:

     keytool -export -alias tomcat -file tomcat.crt -keystore <keystoreLocation\keystoreFile>

2. When prompted, enter the keystore password.

   Note

   The default password for the keytool utility is changeit. If you change the default password, also change the password listed in the AO_HOME/tomcat/conf/server.xml file.

   The following line is displayed, indicating that a certificate file called tomcat.crt has been stored in the directory from which the command was entered.

   Certificate stored in file <tomcat.crt>
3. Copy the tomcat.crt certificate file to the *%DEVSTUDIO_HOME%/jre/lib/security* directory on the BMC Atrium Orchestrator Development Studio workstation.
4. Using an account with administrative privileges, log on to the Development Studio.
5. Open a command prompt and navigate to the %DEVSTUDIO_HOME%/jre/lib/security directory.

6. Enter the following command:

   ..\..\bin\keytool.exe -import -trustcacerts -alias _\[alias\]_ -file tomcat.crt -keystore cacerts

7. When prompted, enter the keystore password.

   The system returns the certificate details. The details will vary, but the information will look similar to the following example:

   Owner: CN=BMC Customer, OU=RealOps, O=BMC DCA, L=Herndon, ST=VA, C=US
   Issuer: CN=BMC Customer, OU=RealOps, O=BMC DCA, L=Herndon, ST=VA, C=US
   Serial number: 46bb6dd8
   Valid from: Thu Aug 09 15:41:12 EDT 2007 until: Mon Dec 25 14:41:12 EST 2034
   Certificate fingerprints:
            MD5: 06:0E:D2:82:68:01:6B:3F:84:70:D4:63:68:B2:CE:89
   SHA1: CF:F0:94:41:CE:5C:AD:7F:97:52:01:C2:A8:6F:E5:ED:5B:79:32:5B

8. When prompted with Trust this certificate? \[conbaosys:no\], type yes and press Enter.

   The statement Certificate was added to keystore is displayed, confirming that you can start BMC Atrium Orchestrator Development Studio over HTTPS for the CDP host.