Configuring the securecert file

This topic provides an overview of the securecert file, and explains how to configure it. It includes the following sections:

About the securecert file

The securecert file stores passphrases used to encrypt the private keys for X.509 certificates. By storing passphrases in the securecert file, TrueSight Server Automation can access those passphrases without any user interaction. Accessing passwords non-interactively is essential for setting up secure, certificate-based communication with an Application Server. It is also necessary when using secure communication to deploy assets using repeaters (that is, with an indirect deployment).

When setting up a securecert file for:

  • An Application Server, you must provide an entry for the owner of the process that communicates securely with repeaters and servers. The owner of the process is bladmin on UNIX systems and SYSTEM on Windows.
  • A repeater, you must provide an entry for all users that communicate with servers. On UNIX systems, you must provide an entry for any users to whom other users are mapped (typically root). On Windows, you must provide an entry for the user named TrueSight Server AutomationRSCD.

The securecert file resides in different locations on Windows and UNIX systems, as described in the following table. On Windows, you can have multiple instances of TrueSight Server Automation client applications, each with their own securecert file. The following table shows how the location of the securecert file on Windows varies between the first instance and all subsequent instances.

To configure the securecert file

When configuring a securecert file, you can make entries for the Application Server and repeaters.

On the Application Server, create an entry similar to the following for the owner of the process that communicates securely with repeaters and servers:

[Default]
<processOwner>=*******

where <processOwner> is bladmin for UNIX systems and SYSTEM for Windows.

You must use the secadmin utility to modify a securecert file. (For more on secadmin, see Using the secadmin utility or the man page for secadmin ). To create an entry similar to the one shown above using the secadmin utility, enter the following command:

secadmin -m default -cu bladmin -cp password

Enter the password in clear text. The secadmin utility encrypts the password.

On repeaters, create an entry similar to the following for the administrative user that communicates with servers:

[Default]
<adminUser>=*******

where <adminUser> is typically root for UNIX systems and BladeLogicRSCD for Windows. Using the secadmin utility to create the entry similar to the one shown above, enter the following command:

secadmin -m default -cu root -cp password

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*