Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Generating CSRs

To obtain a signed certificate from the Certificate Authority (CA) for BMC Atrium Single Sign-On, you must generate a certificate signing request (CSR).

To generate a CSR in Microsoft Windows

  1. On the command line, change your working directory to
    <installationDirectory>\BMC Software\AtriumSSO\tomcat\conf    .
  2. Modify the environment to use the Java Development Kit (JDK) that is installed with BMC Atrium Single Sign-On:
    set PATH=<installationDirectory>\jdk\bin;%PATH%

  3. Run the following keytool command:

    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore keystore.p12 -storepass internal4bmc -storetype PKCS12  -providername JsafeJCE

To generate a CSR in UNIX

  1. On the command line, change your working directory to
    <installationDirectory>/BMC Software/AtriumSSO/tomcat/conf    .
  2. Modify the environment to use the JDK installed with BMC Atrium Single Sign-On:
    PATH=<installationDirectory>/jdk/bin:$PATH;export PATH

  3. Run the following keytool command:

    keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore keystore.p12 -storepass internal4bmc -storetype PKCS12 -providername JsafeJCE

Note

For both Windows and UNIX, the supplied default password for the BMC Atrium Single Sign-On Tomcat server is internal4bmc. You will need to provide another password if the keystore is replaced with a locally generated file.  

Example of a CSR

The keytool command generates and saves the CSR in the certreq.csr file. The certreq.csr file is an example file and has the following content:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBmDCCAQECAQAwWDEZMBcGA1UECxMQQXRyaXVtU1NPIFNlcnZlcjEVMBMGA1UEChMMQk1DIFNv
ZnR3YXJlMSQwIgYDVQQDExtpQk1DLUpCSEJCSzEuYWRwcm9kLmJtYy5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAJABuagV7e12Yu3m0LmNWEmVE4HXrdaB+uOyZFyKLZxO2e+WX3r9vc9q
al5VQSE1yME6ml53B9sWS2RWA5d8xDPW8ppQe3dqQdf3QDDzfXQ18MmZAfraSbv6Y2Tj0Oad10Uf
c8NUXYCvKNcmdHzkabaHuTOXuhfyGyzyCgFdd/jTAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAx
oNCBNvnbYNHD02QOIXEP4eMd9HlfJjvJHtAS6SyibMEd00mq/BD5iV1TewwkmvJRn1BjmzGXNO1c
xbasQaHN9l0+HP4X6aWfRIJtq9GOj4d9Y2wb5L6SEsgnCtnvbHDsMR0AEBLPCR7nVJ4vgQsZ9xLj
EfQB8idnyyimIfoqqQ==
-----END NEW CERTIFICATE REQUEST-----

You must send the toolkit command output to a CA for a digital signature.

Note

The Common Name (CN) of the certificate cannot be modified, because the CN must match the host name of the server. If the names do not match, the browser issues a warning that the server is trying to impersonate another site.

Importing the signed certificate

After a CSR is signed by a CA, follow the instructions for Importing-a-certificate-into-cacerts-p12. Before you import the signed certificate, import the signing root CA and any intermediate signing certificates into the truststore. For information about importing intermediate certificates, see Getting-intermediate-CA-certificates.

Where to go from here

Generating-and-importing-CA-certificates

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*