Out of support: This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Importing a certificate into cacerts.p12


To establish secure communications with a remote server (such as a remote LDAP server), you must import that server's certificate into the BMC Atrium Single Sign-On truststore, cacerts.p12. The certificate must be in printable DER format (file extension .pem) or in binary DER format (file extensions .cer, .crt, or .der).

Note

For high-availability (HA) installations, you must import the certificate on each node.

The following topics provide information and instructions for importing a certificate into the truststore:

Before you begin

Before you import the certificate, delete the existing alias from the cacerts.p12 file by running the keytool utility with the following parameters:

keytool -delete -alias <SERVER_NAME> -keyalg RSA -keystore cacerts.p12 -storepass changeit -storetype PKCS12 -providername JsafeJCE
  • <SERVER_NAME> — The name of the server on which BMC Atrium SSO is installed
  • <storepass> — The password used to authenticate the truststore certificate. The default truststore password is changeit.

To import a certificate in Microsoft Windows

  1. Copy the signed certificate file into the BMC Atrium Single Sign-On server conf directory:
    <installationDirectory>\BMC Software\AtriumSSO\tomcat\conf
  2. On the command line, change the working directory to
    <installationDirectory>\BMC Software\AtriumSSO\tomcat\conf.
  3. Modify the environment to use the Java Development Kit (JDK) that is installed with BMC Atrium Single Sign-On:
    set PATH=<installationDirectory>\jdk\bin;%PATH%
  4. Run the keytool utility with the following parameters:

    keytool -importcert -trustcacerts -alias <SERVER_NAME> -keyalg RSA -keystore %CATALINA_HOME%\conf\cacerts.p12 -keypass changeit -storepass changeit -storetype PKCS12 -providername JsafeJCE -file <certificatefilename>
    • <SERVER_NAME> — The name of the server on which BMC Atrium SSO is installed
    • <certificatefilename> — The name of the certificate file; for example, cert_name.cer

      Note

      This keytool command assumes a default installation. Other values might be needed if BMC Atrium Single Sign-On was installed in an external Tomcat container or if the default truststore has been altered.

  5. Stop and restart the BMC Atrium Single Sign-On server.

To import a certificate in UNIX

  1. Copy the signed certificate file into the BMC Atrium Single Sign-On server conf directory:
    <installationDirectory>/BMC Software/AtriumSSO/tomcat/conf
  2. On the command line, change the working directory to
    <installationDirectory>/BMC Software/AtriumSSO/tomcat/conf.
  3. Modify the environment to use the JDK installed with BMC Atrium Single Sign-On:
    PATH=<installationDirectory>/jdk/bin:$PATH;export PATH
  4. Run the keytool utility with the following parameters:

    keytool -importcert -trustcacerts -alias <SERVER_NAME> -keyalg RSA -keystore $CATALINA_HOME/conf/cacerts.p12 -keypass changeit -storepass changeit -storetype PKCS12 -providername JsafeJCE -file <certificatefilename>
    • <SERVER_NAME> — The name of the server on which BMC Atrium SSO is installed
    • <certificatefilename> — The name of the certificate file; for example, cert_name.cer

      Note

      This keytool command assumes a default installation. Other values might be needed if BMC Atrium Single Sign-On was installed in an external Tomcat container or if the default truststore has been altered.

  5. Stop and restart the BMC Atrium Single Sign-On server.

Example of importing a new certificate to the truststore

C:\apache-tomcat-6.0.20\conf>keytool -importcert -keystore cacerts.p12 -trustcacerts -alias tomcat -keypass truststore_password -storepass truststore_password -file mykey.cer -storetype PKCS12 -providername JsafeJCE
Owner: CN=sample.bmc.com, OU=BMC Atrium SSO, O="BMC Software, Inc.", L=Austin, ST=TX, C=US
Issuer: CN=sample.bmc.com, OU=BMC Atrium SSO, O="BMC Software, Inc.", L=Austin, ST=TX, C=US
Serial number: 266df6fc
Valid from: Sat Jun 15 10:22:28 BST 2013 until: Thu Mar 10 09:22:28 GMT 2016
Certificate fingerprints:
    MD5: 43:C3:22:11:F1:5B:AD:66:73:C5:24:74:80:EF:4F:78
    SHA1: 72:05:0F:FE:25:50:F7:B8:4D:F5:E8:BA:8F:88:89:2B:96:93:BB:14
    SHA256: DA:9B:BA:85:2E:D2:45:74:3F:FB:D7:6A:D4:86:74:E8:B9:FA:9F:01:25:35:61:CA:00:D1:8C:2B:F8:F6:77:A4
Signature algorithm name: SHA256withRSA
Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore
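
The import prompt shows the certificate's fingerprints before asking whether to trust it, which is the point at which the fingerprint should be compared with a value obtained from the remote server's owner through a separate channel. The following added example (not BMC code; the function names and the sample bytes are constructed for illustration) reads either accepted file format, rejects a truncated copy, and produces the fingerprint in the same layout keytool prints:

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def load_der(data):
    """Return (format, DER bytes) for the body of a .pem or .cer/.crt/.der file."""
    m = PEM_RE.search(data)
    if m:  # printable form: base64 between the BEGIN/END markers
        fmt = "PEM"
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    else:
        fmt, der = "DER", data
    # A certificate is a single DER SEQUENCE: tag 0x30 followed by a length
    # that must account for every remaining byte of the file.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    if der[1] < 0x80:                       # short-form length
        header, body_len = 2, der[1]
    else:                                   # long form: n length bytes follow
        n = der[1] & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body_len != len(der):
        raise ValueError("length mismatch: file is truncated or has trailing data")
    return fmt, der

def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex, the layout keytool prints."""
    return hashlib.new(algo, der).digest().hex(":").upper()

def matches_expected(data, expected, algo="sha256"):
    """Compare a file's fingerprint with one obtained out of band."""
    _, der = load_der(data)
    want = "".join(expected.split()).replace(":", "").upper()
    return hmac.compare_digest(fingerprint(der, algo).replace(":", ""), want)

# Constructed sample: a DER SEQUENCE header plus filler, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in (("sample.pem", SAMPLE_PEM), ("sample.der", SAMPLE_DER)):
        fmt, der = load_der(blob)
        print(name, fmt, "SHA256:", fingerprint(der))
```

For a real file, pass `open(path, "rb").read()` as `data` and the fingerprint received from the server's administrator as `expected`.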

Example of a certificate in DER format

