Skip to Content

Warning
Helix documentation is moving from docs.bmc.com to docs.helixops.ai

Key pages will redirect to the new domain on May 26, 2026. However, some legacy documentation links will not be redirected. 

In-product help links might not work after migration as we transition and update them within the product.

For any queries, reach out to IX-Support@helixops.ai.

Information
Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Adding and removing a CA certificate

Adding another certificate is necessary when one or more of the following conditions exist:

  • Common Access Card (CAC) authentication is used.
  • The Department of Defense (DoD) issues new CA certificates.
  • You are using SSL with LDAP for authentication.

By default, the BMC Atrium Single Sign-On truststore already contains the current certificates for CAC.

Adding a CA certificate

To add another CA certificate, see Importing-a-certificate-into-cacerts-p12

Warning

Note

Replacing the self-signed certificate on the BMC Atrium Single Sign-On server invalidates the certificates that are already accepted by users. In addition, you must install the new certificate into the truststore of all integrated BMC applications.

Removing a CA certificate

Before you remove a certificate, identify the alias of the certificate by listing the contents of stores. 

To list the contents of stores

  1. To list the contents of the truststore, use the following command:

    keytool -v -list -keystore -cacerts.p12 -storepass changeit -providername JsafeJCE

  2. To  list the contents of the keystore, use the following command:

    keytool -v -list -keystore keystore.p12 -storepass internal4bmc -providername JsafeJCE

To remove an existing certificate

  1. To remove an existing certificate (identified by myAlias in this example) from the truststore, use the following command:

    keytool -delete -alias myAlias -keystore cacerts.p12 -storepass changeit -providername JsafeJCE

     

  2. To remove a certificate from the keystore, use the following command:

    keytool -delete -alias myAlias -keystore keystore.p12 -storepass internal4bmc -providername JsafeJCE

Where to go from here

Generating and importing CA certificates

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Atrium Single Sign-On 8.1