This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Generating CSRs

To obtain CA-signed certificate for BMC Atrium Single Sign-On, you must generate a Certificate Signing Request (CSR).

To generate a CSR

  1. On the BMC Atrium SSO Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.

  2. On the Certificates tab, select the Certificate Store for which you want to generate a CSR.

    Note

    You cannot create a CSR for certificates. You can create a CSR only for a key pair. 

  3. From the list of available key pairs, select a key pair and click CSR. The CSR is displayed in the following format:

    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBmDCCAQECAQAwWDEZMBcGA1UECxMQQXRyaXVtU1NPIFNlcnZlcjEVMBMGA1UEChMMQk1DIFNv
    ZnR3YXJlMSQwIgYDVQQDExtpQk1DLUpCSEJCSzEuYWRwcm9kLmJtYy5jb20wgZ8wDQYJKoZIhvcN
    AQEBBQADgY0AMIGJAoGBAJABuagV7e12Yu3m0LmNWEmVE4HXrdaB+uOyZFyKLZxO2e+WX3r9vc9q
    al5VQSE1yME6ml53B9sWS2RWA5d8xDPW8ppQe3dqQdf3QDDzfXQ18MmZAfraSbv6Y2Tj0Oad10Uf
    c8NUXYCvKNcmdHzkabaHuTOXuhfyGyzyCgFdd/jTAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAx
    oNCBNvnbYNHD02QOIXEP4eMd9HlfJjvJHtAS6SyibMEd00mq/BD5iV1TewwkmvJRn1BjmzGXNO1c
    xbasQaHN9l0+HP4X6aWfRIJtq9GOj4d9Y2wb5L6SEsgnCtnvbHDsMR0AEBLPCR7nVJ4vgQsZ9xLj
    EfQB8idnyyimIfoqqQ==
    -----END NEW CERTIFICATE REQUEST-----

    Generating CSRs.png

  4. Copy the CSR details and save to a local file with a .csr extension; for example, cert_signing.csr.
  5. Click OK to close the CSR.

You must send the saved CSR file to the CA for a digital signature.

Note

The Common Name (CN) of the certificate cannot be modified, because the CN must match the host name of the server. If the names do not match, the browser issues a warning telling you that the server is trying to impersonate another site.

Importing the signed certificate

After a CSR is signed by a CA, follow the instructions for importing a certificate into KeyStore. Import the signing root CA and any intermediate signing certificates into the keystore. If certificate with the alias tomcat is already signed, the intermediate certificates are attached to the existing tomcat certificate.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*