Skip to Content

Warning
Helix documentation is moving from docs.bmc.com to docs.helixops.ai

Key pages will redirect to the new domain on May 26, 2026. However, some legacy documentation links will not be redirected. 

In-product help links might not work after migration as we transition and update them within the product.

For any queries, reach out to IX-Support@helixops.ai.

Information
Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Importing certificate chains and intermediate certificates

You might receive an error telling you that the certificate chain is missing when you try to import the certificate that you received from your CA. If you see this error, you must get the complete certificate chain and all of the intermediate certificates from your CA.

Importing a certificate chain

 If you receive a certificate chain in a single file, it must have a file name with extension cert_name.p7b (PKCS#7) format. Import the certificate chain by using the following command: 

keytool -importcert -keystore $CATALINA_HOME/conf/keystore.p12 -trustcacerts -alias tomcat -keypass <truststore_password> -storepass <truststore_password> -file <certificatefilename> -storetype PKCS12 -providername JsafeJCE -keyalg RSA
  • <truststore_password> — The password used to authenticate the truststore certificate. The default keystore password is internal4bmc.
  • <certificatefilename> — The name of the certificate chain file; for example, cert_name.p7b

Importing intermediate certificates

If the complete chain is unavailable as a single file, you must import all of the intermediate certificates.

To import the intermediate certificates

  1. Get all of the intermediate CA certificates leading to the root.
    For more information, see Getting-intermediate-CA-certificates.
  2. Import the intermediate certificates and the root certificate into keystore.p12 by using the following command.Start with the root certificate and then import all of the intermediate certificates.
keytool -v -importcert -trustcacerts -alias <UNIQUE_ALIAS> -keyalg RSA -keystore keystore.p12 -storepass <truststore_password> -storetype pkcs12 -providername JsafeJCE -file <intermediatecertfile>
  • <truststore_password> — The password used to authenticate the truststore certificate. The default keystore password is internal4bmc.
  • <intermediatecertfile> — The name of the intermediate certificate file; for example, cert_name.cer

 

Warning

 You must provide a unique alias for each certificate.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Atrium Single Sign-On 8.1