Enabling TLS server certificate validation for ETLs

TLS server certificate validation is disabled by default for following ETLs:

BMC - TrueSight Operations Management extractor
BMC - TrueSight Operations Management Generic extractor
BMC Discovery Extractor
OpenStack - OpenStack API Extractor Service
VMware vCenter Extractor Service
VMware - vCenter and ESX Server History Extractor

To enable server certificate validation for these ETLs, perform the following steps:

Create customenv.sh file in the /opt/bmc/BCO folder on the remote ETL engine server.
Ensure that the customenv.sh file is created using the cpit user.
Add the following commands in the customenv.sh file:
SSL_STRICT_CERTIFICATE_VALIDATION=true
export SSL_STRICT_CERTIFICATE_VALIDATION
Import the server certificates into the ETL's truststore located at /opt/bmc/BCO/jre/lib/security/cacerts
Restart the Remote ETL Engine.
Rerun the ETLs.

If you are upgrading the Remote ETL Engine, take a backup of the cacerts file /opt/bmc/BCO/jre/lib/security/cacerts and restore it back after the upgrade is complete. If not, you need to reimport the server certificates into the ETL's truststore after the upgrade.

Enabling TLS server certificate validation for ETLs

BMC Helix Continuous Optimization 25.2

On this page