Configuring the Publishing Server to Infrastructure Management server communication to enable TLS 1.2
Perform the following steps to configure the Infrastructure Management server to Publishing Server communication to enable TLS 1.2 mode:
To configure the Infrastructure Management server
Perform the following steps to enable the Infrastructure Management server to Publishing Server communication to be TLS compliant:
Stop the Infrastructure Management Server by running the following command:
pw system stop
- Using a text editor, open the pronet.conf located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.
Add the following properties in pronet.conf as shown in the following code block:
pronet.jms.passwd.file=pronto/conf/.ks_pass
pronet.apps.ipc.ssl.context.pserver.truststore.filename=messagebroker.ts
pronet.apps.ipc.ssl.context.pserver.keystore.filename=pnserver.ks
pronet.apps.ipc.ssl.context.pserver.enabledsuites=TLS_RSA_WITH_AES_128_CBC_SHA256
pronet.apps.ipc.ssl.context.pserver.keystore.passwdfile=pronto/conf/.ks_pass
- Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
Comment out any existing lines that have the encryption key value set to mc, as shown in the following code block:
#Type <name> encryption key <host>/<port>
#cell pncell_hostname mc pncell_hostname.bmc.com:1828
#gateway.imcomm gw_ps_pncell_hostname mc hostname.bmc.com:1839
Add the code lines to set the encryption key value to *TLS as shown in the following code block:
#Type <name> encryption key <host>/<port>
cell pncell_hostname *TLS pncell_hostname.bmc.com:1828
gateway.imcomm gw_ps_pncell_hostname *TLS hostname.bmc.com:1839
- Save and close the file.
- Using a text editor, open the smmgr.conf located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
Comment out any existing line that has the ServerTransportProtocol value set to tcp, as shown in the following code block:
#ServerTransportProtocol=tcp
Add the code lines to set the ServerTransportProtocol value to tls and to set the server certificate and private key file names, as shown in the following code block:
ServerTransportProtocol=tls
ServerCertificateFileName=mcell.crt
ServerPrivateKeyFileName=mcell.key
- Save and close the file.
- Navigate to the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory location.
- Open the ssl.amqbootstrap.sar file and extract the jboss-service.xml file.
- Take a backup of the jboss-service.xml file.
In the jboss-service.xml file, update the JNDIName attribute of amqbootstrap property as shown in the following example:
#Existing JNDIName setting
<attribute name="JNDIName">ConnectionFactory</attribute>
#New JNDIName setting
<attribute name="JNDIName">java:jboss/exported/ConnectionFactory</attribute>
- After the change, save the jboss-service.xml file and add it to the ssl.amqbootstrap.sar file in the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory again.
Start the Infrastructure Management Server by running the following command:
pw system start
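The following script is an added example, not part of the BMC procedure or product: it audits the text of mcell.dir, smmgr.conf and pronet.conf for entries left in non-TLS mode after the edits above. It assumes that '#' starts a comment line, that mcell.dir fields are whitespace-separated in the order shown in the procedure, and that both .conf files use key=value lines; the function names are hypothetical.

```python
# Added example: offline audit of the three files edited in this procedure.
# Assumptions: '#' starts a comment line; mcell.dir fields are whitespace-separated
# as "<Type> <name> <encryption key> <host>/<port>"; the .conf files are key=value.
REQUIRED_PRONET = (
    "pronet.jms.passwd.file",
    "pronet.apps.ipc.ssl.context.pserver.truststore.filename",
    "pronet.apps.ipc.ssl.context.pserver.keystore.filename",
    "pronet.apps.ipc.ssl.context.pserver.enabledsuites",
    "pronet.apps.ipc.ssl.context.pserver.keystore.passwdfile",
)

def active_lines(text):
    """Return non-blank lines that are not commented out with '#'."""
    lines = (raw.strip() for raw in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def props(text):
    """Map each key to the list of every active value assigned to it."""
    out = {}
    for ln in active_lines(text):
        key, sep, value = ln.partition("=")
        if sep:
            out.setdefault(key.strip(), []).append(value.strip())
    return out

def audit_mcell_dir(text):
    """Flag active entries whose encryption key field is not *TLS."""
    return [f"mcell.dir: '{f[0]} {f[1]}' has key '{f[2]}', expected *TLS"
            for f in map(str.split, active_lines(text))
            if len(f) >= 4 and f[2] != "*TLS"]

def audit_smmgr(text):
    """Require tls as the only active transport, plus certificate and key names."""
    p, out = props(text), []
    if p.get("ServerTransportProtocol") != ["tls"]:
        out.append(f"smmgr.conf: ServerTransportProtocol={p.get('ServerTransportProtocol')}")
    out += [f"smmgr.conf: missing {k}" for k in
            ("ServerCertificateFileName", "ServerPrivateKeyFileName") if not any(p.get(k, []))]
    return out

def audit_pronet(text):
    """Report properties from the procedure that are absent or empty."""
    p = props(text)
    return [f"pronet.conf: missing {k}" for k in REQUIRED_PRONET if not any(p.get(k, []))]

if __name__ == "__main__":
    # Constructed sample: one entry still uses the old 'mc' key.
    sample = ("cell pncell_hostname *TLS pncell_hostname.bmc.com:1828\n"
              "gateway.imcomm gw_ps_pncell_hostname mc hostname.bmc.com:1839\n")
    print(audit_mcell_dir(sample))
```

Pass each function the contents of the corresponding file; an empty list means no finding for that file.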
Related topic
Troubleshooting BMC Publishing Server
Where to go from here
For more information about how to configure other communication channels to enable TLS 1.2, see Configuring-TrueSight-Infrastructure-Management-to-enable-TLS-1-2.