Using the BMC Database Automation adapter in SSL mode

This topic describes enabling the BMC Database Automation application's REST-based API to listen to Hypertext Transfer Protocol Secure (HTTPS) and to enable the adapter to work in Secure Sockets Layer (SSL) mode.

To enable the BMC Database Automation application's REST-based API for HTTPS

1. Navigate to the /app/clarity/dmanager/etc/mtd.conffile on the computer where you have installed the BMC Database Automation application and make the following changes in the file:
   1. In the following line, ensure that -c 2 -s 1 -p 8087 is exactly as shown:
      service=static MtdApiSoapAcceptor "-c 2 -s 1 -p 8087 -k /app/clarity/dmanager/etc/server.key -x /app/clarity/dmanager/etc/server.pem -y /app/clarity/dmanager/etc/cacert.pem"
   2. If this line is a comment (the line begins with a #), delete the #.
2. Stop the following services in the given sequence using the appropriate command at the command prompt:
   1. httpd: service httpd stop
   2. mtd: service mtd stop
   3. dmanager: service dmanager stop
3. Start the following services in the given sequence using the appropriate command at the command prompt:
   1. dmanager: service dmanager start
   2. mtd: service mtd start
   3. httpd: service httpd start

To enable the BMC Database Automation adapter to operate in the SSL mode

1. Enable the BMC Database Automation application's REST-based API for HTTPS.
2. Enable the BMC Database Automation adapter on the grid with an empty configuration (<config/>).
3. Copy the /app/clarity/dmanager/etc/server.pem and the /app/clarity/dmanager/etc/server.key files from the BDA application folder to the peer on which the BMC Database Automation adapter is enabled.
4. In an adapter request using key-files mode, specify the path to the files that you copied in the preceding step.
   
   In addition to the server-specific files, you can also use client-specific certificates and private key files.
5. Execute the No_operation on the BMC Database Automation application to validate the availability of the target location.

To generate client certificates and private key files

1. Download and install the OpenSSL application from the following locations:
   • Linux: http://www.openssl.org/source
   • Windows: http://www.slproweb.com/products/Win32OpenSSL.html
2. Copy the following files from the computer on which the BMC Database Automation application is installed to the computer on which the OpenSSL application is installed:
   • /app/clarity/dmanager/etc/cacert.pem
   • /app/clarity/dmanager/etc/cakey.pem
   • /app/clarity/dmanager/etc/server.key
   • /app/clarity/dmanager/etc/server.pem
3. Execute the following commands in the given sequence:
   1. openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem -out client-req.pem
   2. openssl rsa -in client-key.pem -out client-key.pem
   3. openssl x509 -req -in client-req.pem -days 1000 -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out client-cert.pem
4. To verify the generated client certificates, execute the openssl verify -CAfile cacert.pem server.pem client-cert.pem command.