Adding and removing a CA certificate
Adding another certificate is necessary when one or more of the following conditions exist:
- Common Access Card (CAC) authentication is used.
- The Department of Defense (DoD) issues new CA certificates.
- You are using SSL with LDAP for authentication.
By default, the BMC Atrium Single Sign-On truststore already contains the current certificates for CAC.
Adding a CA certificate
To add another CA certificate, see Importing-a-certificate-into-cacerts-p12.
Removing a CA certificate
Before you remove a certificate, identify its alias by listing the contents of the stores.
To list the contents of stores
To list the contents of the truststore, use the following command:
keytool -v -list -keystore cacerts.p12 -storepass changeit -providername JsafeJCE
To list the contents of the keystore, use the following command:
keytool -v -list -keystore keystore.p12 -storepass internal4bmc -providername JsafeJCE
To remove an existing certificate
To remove an existing certificate (identified by myAlias in this example) from the truststore, use the following command:
keytool -delete -alias myAlias -keystore cacerts.p12 -storepass changeit -providername JsafeJCE
To remove a certificate from the keystore, use the following command:
keytool -delete -alias myAlias -keystore keystore.p12 -storepass internal4bmc -providername JsafeJCE
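The list-then-delete procedure above can be wrapped so that the alias is confirmed before anything is deleted, the store is copied first, and the removal is verified afterward. This is an added example, not BMC code: the KEYTOOL variable and the function names are assumptions, and it assumes keytool prints the English "Alias name:" label in its listing.

```shell
#!/bin/sh
# Added example (not BMC code). KEYTOOL and the function names are assumptions.
KEYTOOL="${KEYTOOL:-keytool}"

# Print every alias found in `keytool -v -list` output read from stdin.
list_aliases() {
    sed -n 's/^Alias name: *//p'
}

# Succeed only if alias $1 matches a listed alias exactly (no partial match).
has_alias() {
    list_aliases | grep -Fxq -- "$1"
}

# Capture the listing of store $1 opened with password $2.
list_store() {
    "$KEYTOOL" -v -list -keystore "$1" -storepass "$2" -providername JsafeJCE
}

# Usage: remove_cert cacerts.p12 changeit myAlias
# Returns 2 if the alias is absent, 3 if it survives the delete.
remove_cert() {
    store=$1; pass=$2; name=$3
    listing=$(list_store "$store" "$pass") || return 1
    if ! printf '%s\n' "$listing" | has_alias "$name"; then
        echo "alias '$name' not found in $store; nothing removed" >&2
        return 2
    fi
    cp -p "$store" "$store.bak" || return 1   # copy to roll back to
    "$KEYTOOL" -delete -alias "$name" -keystore "$store" -storepass "$pass" \
        -providername JsafeJCE || return 1
    listing=$(list_store "$store" "$pass") || return 1
    if printf '%s\n' "$listing" | has_alias "$name"; then
        echo "alias '$name' still present in $store" >&2
        return 3
    fi
    echo "removed '$name' from $store (backup: $store.bak)"
}

# Constructed sample of listing output, for trying the alias check offline.
SAMPLE_LISTING='Keystore type: PKCS12

Your keystore contains 2 entries

Alias name: myAlias
Entry type: trustedCertEntry

Alias name: sample-root-ca
Entry type: trustedCertEntry'
```

To roll back a removal, copy the .bak file over the store.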
Where to go from here
Generating and importing CA certificates