This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Creating a new key pair

The following topic provides information and instructions for creating a new key pair.

To create a new key pair

  1. On the BMC Atrium Single Sign-On Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.

  2. On the Certificates tab, from the Certificate Store list, select the option for which you want to create a new Key Pair. 

    Note

    The New option is available only for KeyStore, SAMLv2 KeyStore, and Session KeyStore.

  3. Click New. The New Certificate Key Pair dialog box is displayed.
  4. Enter values for the following parameters:
    • Alias Name— When installing BMC Atrium Single Sign-On as a standalone, the alias name must be the FQDN of the host in which the certificate is to be installed. For example, sso.internal.company.domain.com. When installing BMC Atrium Single Sign-On in an HA environment, you may enter any value in this field. For example, tomcat.
    • Validity Period—The number of days for which the certificate is valid. This value must be greater than 0.
    • SAN—SAN (Subject Alternative Names) is mandatory when the certificate has to be installed in an HA environment. Enter the FQDNs of all the nodes (for example, sso-node1.internal.company.domain.com, sso-node2. internal.company.domain.com) in which the certificate has to be installed. In addition, you must also enter the FQDN of the load balancer (sso-load-balancer.internal.company.domain.com (internal), sso.companyname.com (public)). When you enter the details, separate the different FQDNs using semi-colons.

      Creating a New Key Pair.png

  5. Click Generate.

    You are prompted to confirm whether you want to copy the same certificate to the TrustStore. Based on your confirmation, the key pair is created, and it appears in the list of TrustStore certificates as well.

    Recommendation

    You must choose the option of copying the certificate while creating a new key pair and replicate it in the TrustStore. The certificate in the truststore helps you in establishing a trust relationship with the third party Identity Providers when using SAMLv2 authentication. To verify whether the certificate is imported into the TrustStore, see Checking-the-truststore-for-certificates.

  6. Stop and restart the BMC Atrium Single Sign-On server.

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*