Skip to Content

_prereqRHEL

  • You need to download certain certificates and add them to a depot location before you can create a patch catalog for RHEL 7.

    Downloading certificates for creating an RHEL 7 patch catalog
    1. You must register an account on Red Hat Customer Portal, if you do not already have an account.
    2. Log on to the Red Hat Customer Portal and click Subscriptions at the top of the page.
      1.png
    3. At the bottom of the page, under Subscriber Inventory, click Systems.
      2.png
    4. Click Register a system, if you have not already registered your system.
      3.png
    5. Enter the details of your system and click Register.
      4.png
    6. After your system is registered, click the Attached Subscriptions tab.
    7. Attach a subscription to your system by clicking the Attach a subscription link.
      5.png
    8. Select the type of subscription you are using and click Attach Selected.
      6.png
    9. In the Entitlement certificate column of the attachment click Download, to download the entitlement certificate file.
      7.png
    10. Rename the file to client-cert.pem and copy it to a temporary location on the depot.
    11. On the Identity Certificate tab click Download, to download the identity key certificate file.
      8.png
    12. Rename the file to client-key.pem and copy it to a temporary location on the depot.
    13. On any Red Hat 6 or 7 server used as the repository for the RHEL 7 catalog navigate to /etc/rhsm/ca/ and copy the CA certificate file (redhat-uep.pem) to the same directory as the client-key.pem and client-cert.pem files.
    14. (For online mode only) You must enter the locations of the certificate files in the SSL CA Cert File (redhat-uep.pem), SSL Client Cert File (client-cert.pem), and SSL Client Key File (client-key.pem) fields of the Patch Global Configuration dialog box, see Global-Configuration-parameter-list.
  • You can use a Proxy server for RHEL 7 patch catalog in TrueSight Server Automation. For details on the Proxy Server options, see Global-Configuration-parameter-list.

  • Note the limitations while creating filters for RHEL 7 in an online or offline catalog.

    Click here to view the filter limitations for RHEL7
    Error

    Excerpt named FilterLimitationsForRHEL7 was not found in document xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Server-Automation.tssa242.Using.Creating-and-modifying-TrueSight-Server-Automation-jobs.Panel-reference-for-Patch-Management-Jobs.Patch-Catalog-job-panels.Patch-catalog-Red-Hat-Catalog.WebHome.

The CA chain for the RedHat site certificate must be imported before creating a Patch Catalog for any version of the Red Hat Enterprise Linux. If you have imported this certificate in previous versions of TrueSight Server Automation, ensure that you have re-imported the CA chain, if the Java Version is changed on the current version of TrueSight Server Automation.

See the following steps for downloading and importing the DER encoded binary X.509 (.CER) certificate file for the CA chain.

Downloading the certificate file

You must use your browser to download the required certificate from https://idp.redhat.com/idp/. While you can use any browser to download the certificates, we have provided steps for downloading using Internet Explorer as an example:

  1. Right-click the Internet Explorer icon and select Run As Administrator.
    adminrun.png
  2. Navigate to the Red Hat Customer Portal site (https://idp.redhat.com/idp/) and click the pad-lock icon padlock.JPG on the right of navigation bar.
  3. Click the View Certificates link, the Certificate Dialog box opens.
  4. Go to the Certification Path tab. Select each CA in the chain and perform the following actions
    image2016-2-13 16_49_45.png
    1. Click on View Certificate
    2. On the Details tab, click the Copy to File button. The Certificate Export Wizard opens.
    3. Select DER encoded binary X.509 (.CER) and save the file with a .cer extension.
  5. Repeat step 4 for each CA certificate in the Chain.

Importing the certificates into the keystore

Depending on the operating system you are on, perform either of the following steps:

On Windows

  1. Navigate to directory on which you have installed TrueSight Server Automation. The default directory is C:\Program Files\BMC Software\BladeLogic\appserver.
  2. Copy the Red Hat certificate file to the \NSH\jre\lib\security path inside the installation directory.

  3. Navigate to the \NSH\jre\bin path inside the installation directory and execute the following command:

    keytool.exe -import -alias <certificate name> 
    -file <installationDirectory>\NSH\jre\lib\security\redhat.cer 
    -keystore <installationDirectory>\NSH\jre\lib\security\cacerts

    Note that <installationDirectory> is the file path to the directory on which TrueSight Server Automation is installed and <certificate name> is an alias given to the ca. For example, in the screenshot above you might use 'comodorsaextendedvalidationsecureserverca2' and 'comodosecure'

  4. When prompted by the system for a password, enter changeit
  5. Run the command in 3 for each CA certificate in the chain.
  6. Restart the Application Server to import the certificate to TrueSight Server Automation.

On Linux:

Navigate to directory on which you have installed TrueSight Server Automation. The default directory is /opt/bmc/bladelogic/appserver.

  1. Copy the Red Hat certificate file to the /NSH/br/java/lib/security path inside the installation directory and <certificate name> is an alias given to the ca. For example, in the screenshot above you might use 'comodorsaextendedvalidationsecureserverca2' and 'comodosecure'

  2. Navigate to the /NSH/br/java/bin path inside the installation directory and execute the following command:

    keytool -import -alias  <certificate name>  
    -file <installationDirectory>/NSH/br/java/lib/security/redhat.cer 
    -keystore <installationDirectory>/NSH/br/java/lib/security/cacerts

    Note that <installationDirectory> is the file path to the directory on which TrueSight Server Automation is installed.

  3. When prompted by the system for a password, enter changeit.
  4. Run the command in 3 for each CA certificate in the chain.
  5. Restart the Application Server to import the certificate to TrueSight Server Automation.

The CA chain for the RedHat site certificate must be imported before creating a Patch Catalog for any version of the Red Hat Enterprise Linux. If you have imported this certificate in previous versions of TrueSight Server Automation, ensure that you have re-imported the CA chain, if the Java Version is changed on the current version of TrueSight Server Automation.

See the following steps for downloading and importing the DER encoded binary X.509 (.CER) certificate file for the CA chain.

You must use your browser to download the required certificate from https://idp.redhat.com/idp/. While you can use any browser to download the certificates, we have provided steps for downloading using Internet Explorer as an example:

  1. Right-click the Internet Explorer icon and select Run As Administrator.
    adminrun.png
  2. Navigate to the Red Hat Customer Portal site (https://idp.redhat.com/idp/) and click the pad-lock icon padlock.JPG on the right of navigation bar.
  3. Click the View Certificates link, the Certificate Dialog box opens.
  4. Go to the Certification Path tab. Select each CA in the chain and perform the following actions
    image2016-2-13 16_49_45.png
    1. Click on View Certificate
    2. On the Details tab, click the Copy to File button. The Certificate Export Wizard opens.
    3. Select DER encoded binary X.509 (.CER) and save the file with a .cer extension.
  5. Repeat step 4 for each CA certificate in the Chain.

Depending on the operating system you are on, perform either of the following steps:

On Windows

  1. Navigate to directory on which you have installed TrueSight Server Automation. The default directory is C:\Program Files\BMC Software\BladeLogic\appserver.
  2. Copy the Red Hat certificate file to the \NSH\jre\lib\security path inside the installation directory.

  3. Navigate to the \NSH\jre\bin path inside the installation directory and execute the following command:

    keytool.exe -import -alias <certificate name> 
    -file <installationDirectory>\NSH\jre\lib\security\redhat.cer 
    -keystore <installationDirectory>\NSH\jre\lib\security\cacerts

    Note that <installationDirectory> is the file path to the directory on which TrueSight Server Automation is installed and <certificate name> is an alias given to the ca. For example, in the screenshot above you might use 'comodorsaextendedvalidationsecureserverca2' and 'comodosecure'

  4. When prompted by the system for a password, enter changeit
  5. Run the command in 3 for each CA certificate in the chain.
  6. Restart the Application Server to import the certificate to TrueSight Server Automation.

On Linux:

Navigate to directory on which you have installed TrueSight Server Automation. The default directory is /opt/bmc/bladelogic/appserver.

  1. Copy the Red Hat certificate file to the /NSH/br/java/lib/security path inside the installation directory and <certificate name> is an alias given to the ca. For example, in the screenshot above you might use 'comodorsaextendedvalidationsecureserverca2' and 'comodosecure'

  2. Navigate to the /NSH/br/java/bin path inside the installation directory and execute the following command:

    keytool -import -alias  <certificate name>  
    -file <installationDirectory>/NSH/br/java/lib/security/redhat.cer 
    -keystore <installationDirectory>/NSH/br/java/lib/security/cacerts

    Note that <installationDirectory> is the file path to the directory on which TrueSight Server Automation is installed.

  3. When prompted by the system for a password, enter changeit.
  4. Run the command in 3 for each CA certificate in the chain.
  5. Restart the Application Server to import the certificate to TrueSight Server Automation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

TrueSight Server Automation 24.2