Securecert file overview

The securecert file stores passphrases used to encrypt the private keys for X.509 certificates. By storing passphrases in the securecert file, BMC Server Automation can access those passphrases without any user interaction. Accessing passwords non-interactively is essential for setting up secure, certificate-based communication with an Application Server. It is also necessary when using secure communication to deploy assets using repeaters (that is, with an indirect deployment).

When setting up a securecert file for:

  • An Application Server, you must provide an entry for the owner of the process that communicates securely with repeaters and servers. The owner of the process is bladmin on UNIX systems and SYSTEM on Windows.
  • A repeater, you must provide an entry for all users that communicate with servers. On UNIX systems, you must provide an entry for any users to whom other users are mapped (typically root). On Windows, you must provide an entry for the user named BMC Server AutomationRSCD.

The securecert file resides in different locations on Windows and UNIX systems, as described in the following table. On Windows, you can have multiple instances of BMC Server Automation client applications, each with their own securecert file. The following table shows how the location of the securecert file on Windows varies between the first instance and all subsequent instances.

For a description of how to set up the securecert file, see Configuring-the-securecert-file.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*