Changing the security certificate configuration options

If you want to change the security certificate configurations after the PATROL Agent installation, perform the following steps.

Windows

The following table lists the steps to change security validations in Windows:

Changing from No Certificate Validation to Certificate Validation option	Changing from Certificate Validation to No Certificate Validation option
Stop the PATROL Agent. Navigate to %{/BMC/INSTBASE}\common\security\config_v3.0. Run the following command: set_unset_tls.cmd %{/BMC/INSTBASE} UNSET_TLS 2 Run the following command: set_unset_tls.cmd %{/BMC/INSTBASE} SET_TLS 2 -serverDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_server -clientDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_client -identity "PatrolServer - BMC" Restart the PATROL Agent.	Stop the PATROL Agent. Navigate to %{/BMC/INSTBASE}\common\security\config_v3.0. Run the following command: set_unset_tls.cmd %{/BMC/INSTBASE} UNSET_TLS 2 -serverDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_server -clientDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_client -identity "PatrolServer - BMC" Run the following command: set_unset_tls.cmd %{/BMC/INSTBASE} SET_TLS 2 Restart the PATROL Agent.
The identity parameter must match the corresponding alias in the NSS cert DB. Use the following command to view the alias name and certificate list: certutil -L -d sql : PatrolAsServer_DB For more information, see PATROL Agent registry settings. Integration Service registry setting.

Changing from No Certificate Validation to Certificate Validation option

Changing from Certificate Validation to No Certificate Validation option

Stop the PATROL Agent.
Navigate to %{/BMC/INSTBASE}\common\security\config_v3.0.
Run the following command:
set_unset_tls.cmd %{/BMC/INSTBASE} UNSET_TLS 2
Run the following command:
set_unset_tls.cmd %{/BMC/INSTBASE} SET_TLS 2 -serverDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_server -clientDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_client -identity "PatrolServer - BMC"
Restart the PATROL Agent.

Stop the PATROL Agent.
Navigate to %{/BMC/INSTBASE}\common\security\config_v3.0.
Run the following command:
set_unset_tls.cmd %{/BMC/INSTBASE} UNSET_TLS 2 -serverDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_server -clientDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_client -identity "PatrolServer - BMC"
Run the following command:
set_unset_tls.cmd %{/BMC/INSTBASE} SET_TLS 2
Restart the PATROL Agent.

The identity parameter must match the corresponding alias in the NSS cert DB.

Use the following command to view the alias name and certificate list:

certutil -L -d sql : PatrolAsServer_DB

For more information, see

The following table lists the steps to change security validations in UNIX:

Changing from No Certificate Validation to Certificate Validation option	Changing from Certificate Validation to No Certificate Validation option
Stop the PATROL Agent. Navigate to $BMC_BASE/common/security/config_v3.0. Run the following command: ./set_unset_tls.sh "/opt/bmc/Patrol_Agent" UNSET_TLS 2 Run the following command: ./set_unset_tls.sh "/opt/bmc/Patrol_Agent" SET_TLS 2 -serverDbPath "/tmp/Certificates/server_db" -clientDbPath "/tmp/Certificates/client_db" -identity "bmcpatrol" Restart the PATROL Agent.	Stop the PATROL Agent. Navigate to $BMC_BASE/common/security/config_v3.0. Run the following command: ./set_unset_tls.sh "/opt/bmc/Patrol_Agent" UNSET_TLS 2 -serverDbPath "/tmp/Certificates/server_db" -clientDbPath "/tmp/Certificates/client_db" -identity "bmcpatrol" Run the following command: ./set_unset_tls.sh "/opt/bmc/Patrol_Agent" SET_TLS 2 Restart the PATROL Agent.
The certificate location varies based on the root certificates imported from the Integration Services. The p7_change_security_level* script is deprecated from the 22.3.01 version of PATROL Agent. The identity parameter must match the corresponding alias in the NSS cert DB. Use the following command to view the alias name and certificate list: certutil -L -d sql : PatrolAsServer_DB For more information, see PATROL Agent registry setting. Integration Service registry setting.

Changing from No Certificate Validation to Certificate Validation option

Changing from Certificate Validation to No Certificate Validation option

Stop the PATROL Agent.
Navigate to $BMC_BASE/common/security/config_v3.0.
Run the following command:
./set_unset_tls.sh "/opt/bmc/Patrol_Agent" UNSET_TLS 2
Run the following command:
./set_unset_tls.sh "/opt/bmc/Patrol_Agent" SET_TLS 2 -serverDbPath "/tmp/Certificates/server_db" -clientDbPath "/tmp/Certificates/client_db" -identity "bmcpatrol"
Restart the PATROL Agent.

Stop the PATROL Agent.
Navigate to $BMC_BASE/common/security/config_v3.0.
Run the following command:
./set_unset_tls.sh "/opt/bmc/Patrol_Agent" UNSET_TLS 2 -serverDbPath "/tmp/Certificates/server_db" -clientDbPath "/tmp/Certificates/client_db" -identity "bmcpatrol"
Run the following command:
./set_unset_tls.sh "/opt/bmc/Patrol_Agent" SET_TLS 2
Restart the PATROL Agent.

The certificate location varies based on the root certificates imported from the Integration Services.

The p7_change_security_level* script is deprecated from the 22.3.01 version of PATROL Agent.

The identity parameter must match the corresponding alias in the NSS cert DB.

Use the following command to view the alias name and certificate list:

certutil -L -d sql : PatrolAsServer_DB

For more information, see