Implementing SSL certificates


All communications from the browser to the TrueSight Middleware Administrator service occur over a secure connection using HTTPS. BMC provides a self-signed certificate for initial use, but recommends that you supply a properly trusted certificate for the TrueSight Middleware Administrator service.

Using your own certificate

To configure TrueSight Middleware Administrator to use your own certificate, place that certificate in a key store and provide the associated configuration to the application.
If you have a key store already configured with the intended SSL certificate, follow the steps below.

To use your own certificate

  1. Open <install_directory>/etc/jetty.xml in a text editor.
  2. Find the SSL connector configuration by searching for the text "<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">".
  3. Change the "KeyStorePath" property so that it points to your key store file. Note that if you are using an absolute path to your key store, remove the SystemProperty element.
  4. Set the "KeyStorePassword" property to the password of your key store. You may encode this password by running the <install_directory>/bin/encodePassword.bat (Windows) or encodePassword.sh (Linux) utility and pasting the output into this field. 

    Note

    You must include the 'OBF:' prefix when using an obfuscated password. Do NOT use the MD5 password in this case.

  5. If required, add a "KeyManagerPassword" property and set it to the password for your certificate. You may encode this password by running the <install_directory>/bin/encodePassword.bat (Windows) or encodePassword.sh (Linux) utility and pasting the output into this field.
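
A check of the edited jetty.xml against the rules in steps 3 to 5, run before restarting the service. This is an added example, not BMC's code: the sample XML, the jetty.home property name, and the placeholder password values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not the product's shipped jetty.xml.
# Password values are placeholders, not real encodePassword output.
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><SystemProperty name="jetty.home" default="."/>C:/certs/mykeystore.jks</Set>
    <Set name="KeyStorePassword">MD5:placeholder</Set>
    <Set name="KeyManagerPassword">changeit-placeholder</Set>
  </New>
</Configure>"""

def lint_ssl_config(xml_text):
    """Check the sslContextFactory block against the rules in steps 3 to 5."""
    root = ET.fromstring(xml_text)
    factory = next((e for e in root.iter("New")
                    if e.get("id") == "sslContextFactory"), None)
    if factory is None:
        return ["sslContextFactory element not found"]
    props = {s.get("name"): s for s in factory.findall("Set")}
    findings = []
    path = props.get("KeyStorePath")
    if path is None:
        findings.append("KeyStorePath is not set")
    else:
        # Text that follows a child element lives in that child's .tail
        literal = ((path.text or "") + "".join(c.tail or "" for c in path)).strip()
        has_sysprop = path.find("SystemProperty") is not None
        # Only a drive letter or UNC prefix is unambiguously absolute; a leading
        # "/" after SystemProperty is the usual relative form and is not flagged.
        if has_sysprop and re.match(r"[A-Za-z]:[\\/]|\\\\", literal):
            findings.append("KeyStorePath: absolute path but SystemProperty still present")
    for name in ("KeyStorePassword", "KeyManagerPassword"):
        elem = props.get(name)
        if elem is None:
            if name == "KeyStorePassword":
                findings.append("KeyStorePassword is not set")
            continue  # KeyManagerPassword is optional (step 5)
        value = (elem.text or "").strip()
        if value.startswith("MD5:"):
            findings.append(name + ": MD5 form used; this field needs the OBF: form")
        elif not value.startswith("OBF:"):
            findings.append(name + ": stored in clear text; consider encodePassword")
    return findings

if __name__ == "__main__":
    for finding in lint_ssl_config(SAMPLE):
        print(finding)
```

The OBF: form is reversible obfuscation rather than encryption, so restrictive file permissions on jetty.xml and the key store file still matter.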

Use the keytool utility (create a keystore)

If you have a certificate but do not have a key store, use the keytool utility to create a key store. You can then insert your certificate into the key store. TrueSight Middleware Administrator uses this certificate.

Creating a key store can be a very complicated process; the following procedure details the basic steps only.

To create a key store using the keytool utility

  1. Make sure you have a valid certificate and you know the password for the certificate.
  2. Run the command <install_directory>/jre/<JRE platform>/bin/keytool -importcert -keystore mykeystore.jks -file cert.pem
  3. When prompted, enter a password (and confirm it by re-entering it) for the keystore.
  4. You may now use this key store in the TrueSight Middleware Administrator configuration. Use the encodePassword utility to conceal your passwords if required.

 


BMC TrueSight Middleware Administrator 8.1