This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Importing a certificate into the truststore

To establish secure communications with a remote server (such as a remote LDAP server), you must import a certificate into the BMC Atrium Single Sign-On TrustStore (cacerts.p12). The certificate must be in:

  • Printable DER format (file extension .pem)
  • Binary DER format (file extensions .cer.crt, or .der),
  • PKCS#12 format.

Note

For High Availability installations, you must import the certificate on each node.

To import the certificate

  1. On the BMC Atrium SSO Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.
  2. On the Certificates tab, select TrustStore from Certificate Store list.
  3. Click Import. The Upload Certificate dialog box is displayed. You can upload the certificate using one of the following options:
    • PEM Encoded Certificate — Use this option to copy the certificate details.
    • HTTPS URL — Enter the host and port from which to capture a certificate.
    • DER/PEM/PKCS12 Encoded File — To import a key pair, upload the PEM-encoded DER/PEM files. To import a chain of certificates, upload the PKCS#12 file. When you select the PKCS#12 file, an additional password field is provided, allowing you to enter the password for the TrustStore.

      Importing a certificate into the truststore.png

  4. Click Upload. After the file is uploaded, the Import Certificate Editor is displayed.

  5. Enter the alias for each certificate or key pair that you are uploading to the TrustStore.

    Note

    If the list of certificates contains an existing alias, you can override the existing certificate by providing the same alias for the newly uploaded certificate. You must confirm that the certificate must be replaced.

  6. Stop and restart the BMC Atrium Single Sign-On server.

Example of a certificate in DER format

The following example shows a certificate in printable DER format. You can view this certificate by selecting an existing certificate from the list of certificates in the TrustStore and clicking PEM.

-----BEGIN CERTIFICATE-----
MIICxTCCAi4CCQCLjB2QrqlKazANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMC
VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xFTATBgNVBAoMDEJN
QyBTb2Z0d2FyZTEUMBIGA1UECwwLQXRyaXVtIENvcmUxJDAiBgNVBAMMG2libWMt
amJoYmJrMS5hZHByb2QuYm1jLmNvbTEjMCEGCSqGSIb3DQEJARYUYWRhbV9saW5l
aGFuQGJtYy5jb20wHhcNMTEwOTAxMjEyNDU4WhcNMzkwMTE3MjEyNDU4WjCBpjEL
MAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xFTAT
BgNVBAoMDEJNQyBTb2Z0d2FyZTEUMBIGA1UECwwLQXRyaXVtIENvcmUxJDAiBgNV
BAMMG2libWMtamJoYmJrMS5hZHByb2QuYm1jLmNvbTEjMCEGCSqGSIb3DQEJARYU
YWRhbV9saW5laGFuQGJtYy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AMtRpEhBcegujENQ7ZefrlnZxmnH54oav9VNxv6nQqneJB8sQVqg1Z+zNUPzuLPF
bY2GTn/eSfXbL8RJgDnczGkL21XP8uH5NkOdBBYrcCnlV4pf+ZZxpBvmpJ1g/39L
OcEc7r2R0w8D+nST9x5w88g95cOrZV9hGy08XLt0Ep7XAgMBAAEwDQYJKoZIhvcN
AQEFBQADgYEAQUekME4Cv+cYCbccKNcUkjk4du8RZpZIM4PtXsqIxRYcjCCK3GQ2
Pr0fOTaAXR/qeL7x55r5ab6IIAmgx7zS9PsvEaFBoVhd26371cQxd7pY3ZOkEEpq
EvF8m2WKcJGE9yzFSBWvBndd4k2Vb7EOP/1ORak6LarwfSD24SKyY7M=
-----END CERTIFICATE-----

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*