Out of support: This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Importing a certificate into keystore.p12


After generating a new certificate and getting it signed by a Certificate Authority (CA), you must import the certificate into the keystore.p12 file. The certificate must be in printable DER format (file extension .pem) or in binary DER format (file extensions .cer, .crt, or .der). The format to use when you import a certificate into keystore.p12 depends on which format of signed certificate is available to you.

Note

You might receive an error telling you that the certificate chain is missing when you try to import the certificate that you received from your CA. If you see this error, you must get the complete certificate chain and all of the intermediate certificates from your CA. When importing certificate chains, you must import the certificates of the signing chain starting with the root certificate, and then import the intermediate signed certificates. For more information, see Importing certificate chains and intermediate certificates.

The following topics provide information and instructions for importing a certificate into the keystore:

To import a certificate in Microsoft Windows

  1. Copy the signed certificate file into the BMC Atrium Single Sign-On server conf directory:
    <installationDirectory>\BMC Software\AtriumSSO\tomcat\conf
  2. On the command line, change the working directory to
    <installationDirectory>\BMC Software\AtriumSSO\tomcat\conf.
  3. Modify the environment to use the Java Development Kit (JDK) that is installed with BMC Atrium Single Sign-On:
    set PATH=<installationDirectory>\jdk\bin;%PATH%
  4. Run the keytool utility with the following parameters:

    keytool -importcert -keystore %CATALINA_HOME%\conf\keystore.p12 -trustcacerts -alias tomcat -keypass <keystore_password> -storepass <keystore_password> -file <certificatefilename> -storetype PKCS12 -providername JsafeJCE -keyalg RSA 
    • <keystore_password> — The password used to authenticate the keystore certificate. The default keystore password is internal4bmc.
    • <certificatefilename> — The name of the certificate file; for example, cert_name.cer

      Note

      The values used in this keytool command are based on a default installation. Other values might be needed if BMC Atrium Single Sign-On was installed in an external Apache Tomcat container or if the default keystore has been altered.

  5. Stop and restart the BMC Atrium Single Sign-On server.

To import a certificate in UNIX

  1. Copy the signed certificate file into the BMC Atrium Single Sign-On server conf directory:
    <installationDirectory>/BMC Software/AtriumSSO/tomcat/conf
  2. On the command line, change the working directory to
    <installationDirectory>/BMC Software/AtriumSSO/tomcat/conf.
  3. Modify the environment to use the JDK installed with BMC Atrium Single Sign-On:
    PATH=<installationDirectory>/jdk/bin:$PATH;export PATH
  4. Run the keytool utility with the following parameters:

    keytool -importcert -keystore $CATALINA_HOME/conf/keystore.p12 -trustcacerts -alias tomcat -keypass <keystore_password> -storepass <keystore_password> -file <certificatefilename> -storetype PKCS12 -providername JsafeJCE -keyalg RSA 
    • <keystore_password> — The password used to authenticate the keystore certificate. The default keystore password is internal4bmc.
    • <certificatefilename> — The name of the certificate file; for example, cert_name.cer

      Note

      The values used in this keytool command are based on a default installation. Other values might be needed if BMC Atrium Single Sign-On was installed in an external Tomcat container or if the default keystore has been altered.

  5. Stop and restart the BMC Atrium Single Sign-On server.
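
A pre-import check to run before step 4 of the UNIX procedure, added here as an example and not part of the BMC documentation or tooling: it classifies the file as PEM or binary DER and flags a certificate signing request or other object saved under a certificate file name. The helper names cert_format and pem_cert_count and the sample files are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not BMC code. cert_format and pem_cert_count are
# hypothetical helper names; the sample files below are constructed.

# Print pem | der | csr | pkcs7 | other-pem | empty | unknown.
# Return 0 only for the two formats the page lists for the import.
cert_format() {
    f=$1
    # A missing or zero-length file is reported as "empty".
    [ -s "$f" ] || { echo "empty"; return 1; }
    # First PEM armor line, tolerating CRLF and text before the armor.
    armor=$(LC_ALL=C sed -n '/^-----BEGIN /{p;q;}' "$f" | tr -d '\r')
    case $armor in
        '-----BEGIN CERTIFICATE-----') echo "pem"; return 0 ;;
        '-----BEGIN CERTIFICATE REQUEST-----') echo "csr"; return 1 ;;
        '-----BEGIN NEW CERTIFICATE REQUEST-----') echo "csr"; return 1 ;;
        '-----BEGIN PKCS7-----') echo "pkcs7"; return 1 ;;
        '-----BEGIN '*) echo "other-pem"; return 1 ;;
    esac
    # Binary DER starts with an ASN.1 SEQUENCE tag (0x30). Coarse check:
    # other DER objects share the tag, so keytool still does the real parse.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = "30" ]; then echo "der"; return 0; fi
    echo "unknown"; return 1
}

# Count certificates in a PEM file. More than one means the file is a chain
# bundle; the page's note says chains are imported root certificate first.
pem_cert_count() {
    LC_ALL=C grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Constructed sample inputs: armor lines and tag bytes only, no real keys.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/cert_name.pem"
printf '\060\202\001\012' > "$demo_dir/cert_name.cer"
printf '%s\n' '-----BEGIN NEW CERTIFICATE REQUEST-----' > "$demo_dir/req.csr"
for name in cert_name.pem cert_name.cer req.csr; do
    printf '%s: %s\n' "$name" "$(cert_format "$demo_dir/$name")"
done
rm -rf "$demo_dir"
```

When the result is pem or der, `keytool -printcert -file <certificatefilename>` shows the subject and issuer so you can confirm it is the CA-signed certificate before importing it.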

 
