Control-M Self-Signed Demo Certificates
Version: 9.0.21.xx
10 November 2023
When you upgrade to a new OS level, specific OS vendors actively block weak cryptographic algorithms, such as SHA-1, which the demo certificates use. BMC is therefore reminding you that the BMC-provided demo certificate is intended for proof of concept and demo environments only. The self-signed demo certificates employ weak cryptography and lack a verifiable root Certificate Authority (CA). BMC strongly recommends that you use a strong private certificate that is root CA-certified. For more information, see Control-M SSL Documentation.
This policy change results in the rejection of the BMC-provided demo certificate, which causes connection failures, as described below:
- Red Hat 9.x and higher: Rejects demo certificates when you use the system-provided Red Hat Java 11.0.14 (or later) or Red Hat Java 17.0.02 (or later).
- SUSE Linux 15.x and higher: Rejects demo certificates when you use the system-provided SUSE Java 11.0.14 (or later) or SUSE Java 17.0.02 (or later).
Control-M experiences connection failures when you use the vendor's bundled version of Java for Control-M, as described below. However, connection failures do not occur when you install the same standalone version of Java.
- The SSL handshake between Control-M/Enterprise Manager and Control-M/Server fails in Zone 2. The following error message appears in the Control-M/EM Gateway log:
  Using SSL Protocol connection FAILED.
- The connection between Control-M/Server and Control-M/Agent fails in Zone 3, and the following error message appears in the Control-M Configuration Manager Agent message column:
  Internal communication error
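To find certificates that will be rejected for the reasons given above, the following added example (not BMC code) reads a PEM or DER certificate and reports whether its signature algorithm uses SHA-1 and whether issuer equals subject, which is how a self-signed certificate appears when the signature itself is not verified. All function names are hypothetical, and `sample_cert` builds a constructed certificate skeleton so the script runs without input files.

```python
import base64, re, sys

# DER-encoded OID bytes (hex) of signature algorithms that hash with SHA-1.
SHA1_SIG_OIDS = {"2a864886f70d010105": "sha1WithRSAEncryption",
                 "2a8648ce3d0401": "ecdsa-with-SHA1", "2a8648ce380403": "dsa-with-SHA1"}

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Return (tag, value_start, value_end) for each element in buf[start:end]."""
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def inspect_cert(data):
    """Report SHA-1 signature use and issuer == subject for a PEM or DER certificate."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    der = base64.b64decode(m.group(1)) if m else data
    tbs, sig_alg = children(der, *tlv(der, 0)[1:])[:2]  # tbsCertificate, signatureAlgorithm
    fields = [f for f in children(der, tbs[1], tbs[2]) if f[0] != 0xA0]  # drop optional [0] version
    issuer, subject = fields[2], fields[4]  # order: serial, signature, issuer, validity, subject
    oid = children(der, sig_alg[1], sig_alg[2])[0]
    return {"sha1_signature": SHA1_SIG_OIDS.get(der[oid[1]:oid[2]].hex()),
            "self_issued": der[issuer[1]:issuer[2]] == der[subject[1]:subject[2]]}

def enc(tag, *parts):  # minimal DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    n, size = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + body

def sample_cert(sig_oid_hex, issuer_cn, subject_cn):
    """Constructed certificate skeleton (empty key, dummy signature), not a real certificate."""
    alg = enc(0x30, enc(0x06, bytes.fromhex(sig_oid_hex)), enc(0x05))
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"), enc(0x0C, cn.encode()))))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"), alg, name(issuer_cn),
              enc(0x30, enc(0x17, b"230101000000Z") * 2), name(subject_cn), enc(0x30))
    return enc(0x30, tbs, alg, enc(0x03, b"\x00" * 201))

if __name__ == "__main__":  # inspect files named on the command line, else the constructed sample
    for cert in [open(p, "rb").read() for p in sys.argv[1:]] or [sample_cert("2a864886f70d010105", "demo", "demo")]:
        print(inspect_cert(cert))
```

Run it with certificate file paths as arguments; any result showing a non-empty `sha1_signature` or `self_issued: True` identifies a certificate to replace with a root CA-certified one.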