Configuring TrueSight Infrastructure Management to enable TLS 1.2



You can upgrade the security in your enterprise environment by using TLS 1.2 to communicate with TrueSight Infrastructure Management components. After the installation of TrueSight Infrastructure Management components, you can switch from the default inter-component security configuration to TLS 1.2 configuration.

Before you begin

Complete the certificate creation and import tasks for the relevant components before you configure TLS 1.2 between them. For more information about how to create and import private certificates, see Implementing-private-certificates-in-TrueSight-Operations-Management.

To configure the TrueSight Infrastructure Management components to enable TLS 1.2

There are different communication channels established between the TrueSight Infrastructure Management components. Perform the TLS configurations per communication channel. Select the communication channel which you want to make TLS compliant and perform the tasks accordingly. The flowchart in the following diagram explains the complete TLS configuration workflow.

Figure: tls_config_flow.png (TLS configuration workflow flowchart)

To enable TLS 1.2, complete the procedures by navigating the following tabs, or select the procedures from documentation links in the flowchart.

  1. Navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory, and run the following command to check whether the TrueSight Presentation Server is running.

    tssh server status

    Note

    Ensure that the TrueSight Presentation Server is running before proceeding further.

  2. Log on to the TrueSight console and select Administration > Components.

    The Components page lists the components that are registered with the Presentation Server. Ensure that no TrueSight Infrastructure Management Server is registered with the TrueSight Presentation Server; if one is registered, delete it. For more information, see To delete a component.

  3. Set the properties in the database by running the following commands:

    tssh properties set tsps.cell.conntype ssl
    tssh properties set pronet.jms.conntype ssl
  4. Using a text editor, open the mcell.dir file located in <Presentation Server Install Directory>\conf directory.
  5. Comment out the lines whose encryption key value is mc, as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    #gateway.gateway_subtype   ts_event_gateway         mc             tsps_server1.bmc.com:1900
    #cell                         pncell_tsim_server1        mc              tsim_server1.bmc.com:1828    
  6. Add the same entries with the encryption key value set to *TLS, as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    gateway.gateway_subtype     ts_event_gateway        *TLS          tsps_server1.bmc.com:1900
    cell                         pncell_tsim_server1        *TLS              tsim_server1.bmc.com:1828   

    Parameter description

    The following notes describe the key parameters used in the preceding code block:

    • tsps_server1 is the name of the computer where the TrueSight Presentation Server is installed.
    • tsim_server1 is the name of TrueSight Infrastructure Management Server registered with the TrueSight Presentation Server. If there are multiple Infrastructure Management Server entries in the mcell.dir file, change the encryption key to *TLS for all such entries.
  7. Save and close the file.
  8. Set the property in the database by running the following command:

    tssh properties set server.eventgateway.encryption.key *TLS
  9. Stop the Presentation Server by running the following command:

    tssh server stop

The following sections describe the configuration steps for both the local Integration Service and remote Integration Service in TLS 1.2 mode. Perform the configuration steps based on the type of Integration Service installed:

To configure the local Integration Service



To configure the remote Integration Service


To start the servers


The following section guides you to configure the Integration Service to Cell communication in TLS 1.2. Choose the appropriate configuration steps based on the type (local / remote) of the Integration Service and the cell used.

To configure the local Integration Service


To configure the remote Integration Service


To configure the local Cell


To configure the remote Cell


To start the servers


Perform the following steps to configure the Infrastructure Management Server to Oracle database communication to enable TLS 1.2 mode:

To configure the Infrastructure Management Server to Oracle database communication to enable TLS 1.2

Perform the following steps to enable the Infrastructure Management Server to Oracle database communication to be TLS compliant:

Notes

  • If the Oracle database is configured in TLS 1.2 mode, then perform the following steps to configure the Infrastructure Management Server in TLS 1.2 mode.
  • Oracle database version 11G is TLS 1.0 compliant.
  • Oracle database version 12.1.0.2 is TLS 1.2 compliant.
  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax
    perl switchTLSMode.pl -<on/off> -flow <communication channel> -dbport <Oracle Database port> -dbver <Oracle Database version>

    #Example
    perl switchTLSMode.pl -on -flow oracle -dbport 1521 -dbver 11G

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: -on enables TLS mode of communication; -off disables TLS mode of communication and restores the default tcp/ssl mode of communication.
    • -flow: This variable can have two options: event_and_data, oracle. If -flow is set to oracle, the communication between the Infrastructure Management Server and the Oracle database is TLS 1.2 enabled.
    • -dbport: Provide the port number that is configured for the Oracle database communication.
    • -dbver: Provide the Oracle database version. There are two compatible Oracle database versions: 11G, 12C.
  3. Start the Infrastructure Management Server by running the following command:

    pw system start

To upgrade the Infrastructure Management server that communicates with the Oracle database in TLS mode

To upgrade the Infrastructure Management server that communicates with the Oracle database in TLS mode, perform the following sequence of steps:

  1. Disable TLS communication between the Infrastructure Management server and the Oracle database. For detailed instructions, see Rolling-back-to-SSL-configuration.
  2. Upgrade the Infrastructure Management server. For detailed instructions, see Upgrading the Infrastructure Management Server.
  3. Enable TLS communication between the Infrastructure Management server and the Oracle database. For detailed instructions, see Configuring-TrueSight-Infrastructure-Management-to-enable-TLS-1-2.

By default, the PATROL Agent communicates using either Transmission Control Protocol (TCP) or Secure Sockets Layer (SSL) protocol, but you can configure PATROL Agents to enable TLS 1.2 mode. 

The following process workflow guides you to configure the PATROL Agent to Integration Service communication to be TLS compliant:

Figure: Latest_PA_IS.png (PATROL Agent to Integration Service TLS configuration workflow)

  1. Ensure that the signed certificates are generated for the Integration Service and imported into the PATROL Agent's client DB certificate store.
    To generate signed certificates for the Integration Service, see Implementing-private-certificates-in-the-Integration-Service.
  2. Ensure that the PATROL Agent and the TrueSight Integration Service are running at the same security level.
  3. Configure the PATROL Agent to Integration Service communication to enable TLS mode.
  4. Update the PATROL Agent's registry files.
    For details, see Updating the PATROL Agent registry files.
  5. Update the Integration Service's registry files.
    For details, see Updating the Integration Service registry files.

Perform the following steps to enable the Infrastructure Management Server to BMC Impact Integration Web Services (IIWS) communication to be TLS compliant:

To configure the Infrastructure Management Server


To configure the BMC Impact Integration Web Services server


To start the servers


Perform the following steps to enable the Infrastructure Management server main cell to Reporting engine communication to be TLS compliant:

Note

If the Reporting Engine is in TLS mode, it cannot communicate with any of the remote cells or Infrastructure Management server cells operating in Non-TLS mode.

 

Reporting Engine in TLS mode can communicate with:

  • Infrastructure Management server cells in TLS mode: ✅
  • Infrastructure Management server cells in Non-TLS mode: ❌
  • Remote cells in TLS mode: ✅
  • Remote cells in Non-TLS mode: ❌

 

To configure the Infrastructure Management server cell component

  1. Using a text editor, open the mcell.dir file on the BMC TrueSight Infrastructure Management Server host computer. The file is located in the <Infrastructure Management server Install Directory>\pw\server\etc directory.
  2. Locate the line for the Reporting Engine gateway entry and its encryption key value, which has the form shown in the following code block:

    gateway.reportengine bpre.<fullyQualifiedHostName> <encryptionKey> <fullyQualifiedHostName>:<3783>

    #Example

    gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com mc vs-pun-tsim-bp03.bmc.com:3783

  3. Modify the existing value of encryption key to *TLS as shown in the following example:

    gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com *TLS vs-pun-tsim-bp03.bmc.com:3783
  4. Save and close the file.
  5. Reload the mcell.dir file by entering the following command from a command line:

    #Syntax

    mcontrol -n cellName reload dir

    #Example

    mcontrol -n pncell_vm-w23-rds1016 reload dir

    Note

    pncell_vm-w23-rds1016 is the name of the cell.


To configure the Report Engine component

  1. Navigate to the reportsCLI directory by running the following command:

    # Microsoft Windows operating system

    CurrentDirectory>cd <TrueSight Operations Management Reporting Install directory>\bin\reportsCLI

    # Unix operating system

    $cd <TrueSight Operations Management Reporting Install directory>/bin/reportsCLI
  2. Initiate the configuration settings by running the following command:

    #Syntax

    tls_config init -truststore <truststore file> -truststorepassword <truststore password> [-keystore <keystore file> -keystorepassword <keystore password>][-SqlAnywhereCert <trust certificate path>]

    #Example

    tls_config init -truststore cacerts -truststorepassword <truststore password> -keystore cacerts -keystorepassword <keystore password> -SqlAnywhereCert <BMC TrueSight Operations Management Report Engine Install Directory>\ReportEngine\tools\jre\bin

    When you run the tls_config script, you are prompted to confirm the restart of the Reporting Engine. The TLS configurations are applied only when the Reporting Engine restarts.

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • cacerts: Name of the keystore and truststore file of the Report Engine.
    • <truststore password>: Password for the keystore/truststore. changeit is the default password for the cacerts keystore. If you have changed this password, use the current password.
    • <BMC TrueSight Operations Management Report Engine Install Directory>\ReportEngine\tools\jre\bin: The directory path where the cacerts truststore file is located.
  3. Enable the TLS configuration by running the following command:

    tls_config enable -component cell

Perform the following steps to configure the Infrastructure Management server to Publishing Server communication to enable TLS 1.2 mode:

To configure the Infrastructure Management server

Perform the following steps to enable the Infrastructure Management server to Publishing Server communication to be TLS compliant:

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the pronet.conf file located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.
  3. Add the following properties to pronet.conf as shown in the following code block:

    pronet.jms.passwd.file=pronto/conf/.ks_pass
    pronet.apps.ipc.ssl.context.pserver.truststore.filename=messagebroker.ts
    pronet.apps.ipc.ssl.context.pserver.keystore.filename=pnserver.ks
    pronet.apps.ipc.ssl.context.pserver.enabledsuites=TLS_RSA_WITH_AES_128_CBC_SHA256
    pronet.apps.ipc.ssl.context.pserver.keystore.passwdfile=pronto/conf/.ks_pass
  4. Using a text editor, open the mcell.dir file located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
  5. Comment out any existing lines whose encryption key value is mc, as shown in the following code block:

    #Type                            <name>             encryption key                <host>/<port>
    #cell                      pncell_hostname         mc                pncell_hostname.bmc.com:1828
    #gateway.imcomm              gw_ps_pncell_hostname       mc                    hostname.bmc.com:1839
  6. Add the same lines with the encryption key value set to *TLS, as shown in the following code block:

    #Type                            <name>             encryption key               <host>/<port>
    cell                      pncell_hostname        *TLS            pncell_hostname.bmc.com:1828
    gateway.imcomm              gw_ps_pncell_hostname       *TLS                    hostname.bmc.com:1839
  7. Save and close the file.
  8. Using a text editor, open the smmgr.conf file located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
  9. Comment out any existing line that sets the ServerTransportProtocol value to tcp, as shown in the following code block:

    #ServerTransportProtocol=tcp
  10. Add the following lines to set the ServerTransportProtocol value to tls and to name the server certificate and private key files, as shown in the following code block:

    ServerTransportProtocol=tls
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key

    Note

    mcell.crt and mcell.key are the names of the cell certificate and key. If the cell certificate and key names in your Infrastructure Management server are different, use the relevant names in the preceding settings. For more information about how to create the cell key and certificate, see Implementing-private-certificates-in-the-TrueSight-Infrastructure-Management.
  11. Save and close the file.
  12. Start the Infrastructure Management Server by running the following command:

    pw system start
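The mcell.dir edits in the Presentation Server procedure (steps 4 to 6), the Reporting Engine gateway entry edit (steps 2 and 3 of the cell component procedure), and steps 3 to 10 of the Publishing Server procedure above come down to two mechanical transformations: switch the encryption key column of every active mcell.dir entry from mc to *TLS while keeping the old entry commented out for rollback, and set key=value properties in pronet.conf and smmgr.conf while commenting out the old tcp value. The following Python script is an added example, not BMC's tooling and not part of this page's procedure, that performs both transformations on file contents and then checks that no active mcell.dir entry is still on mc (the point of the note about multiple Infrastructure Management Server entries). It assumes only the file layouts shown on this page (whitespace-separated mcell.dir columns, key=value lines in the .conf files); the sample file contents are constructed for the example.

```python
import re
import sys

# Property sets taken from the procedure on this page (pronet.conf step 3,
# smmgr.conf step 10). Replace the cert/key names with your own if they differ.
PRONET_TLS_PROPERTIES = {
    "pronet.jms.passwd.file": "pronto/conf/.ks_pass",
    "pronet.apps.ipc.ssl.context.pserver.truststore.filename": "messagebroker.ts",
    "pronet.apps.ipc.ssl.context.pserver.keystore.filename": "pnserver.ks",
    "pronet.apps.ipc.ssl.context.pserver.enabledsuites": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "pronet.apps.ipc.ssl.context.pserver.keystore.passwdfile": "pronto/conf/.ks_pass",
}
SMMGR_TLS_PROPERTIES = {
    "ServerTransportProtocol": "tls",
    "ServerCertificateFileName": "mcell.crt",
    "ServerPrivateKeyFileName": "mcell.key",
}

# Constructed sample file contents (not from a real installation).
SAMPLE_MCELL_DIR = """\
#Type                            <name>             encryption key         <host>/<port>
cell                         pncell_tsim_server1        mc              tsim_server1.bmc.com:1828
gateway.gateway_subtype   ts_event_gateway         mc             tsps_server1.bmc.com:1900
gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com mc vs-pun-tsim-bp03.bmc.com:3783
cell                         pncell_remote1             *TLS            remote1.bmc.com:1828
"""
SAMPLE_SMMGR_CONF = "# constructed smmgr.conf fragment\nServerTransportProtocol=tcp\nServerPort=1859\n"
SAMPLE_PRONET_CONF = "# constructed pronet.conf fragment\npronet.jms.passwd.file=pronto/conf/.ks_pass\n"


def _token_spans(line):
    """(start, end) offsets of each whitespace-separated column in an mcell.dir line."""
    return [(m.start(), m.end()) for m in re.finditer(r"\S+", line)]


def switch_mcell_dir(text, old_key="mc", new_key="*TLS"):
    """Comment out every active entry whose encryption key (third column) is
    old_key and add the same entry with new_key, preserving column alignment.
    Returns (new_text, number_of_entries_switched); re-running is a no-op."""
    out, changed = [], 0
    for line in text.splitlines():
        spans = _token_spans(line)
        if len(spans) >= 4 and line[spans[0][0]] != "#":
            start, end = spans[2]
            if line[start:end] == old_key:
                out.append("#" + line)                      # old entry kept, commented, for rollback
                out.append(line[:start] + new_key + line[end:])
                changed += 1
                continue
        out.append(line)                                    # header, comment, or already *TLS
    return "\n".join(out) + "\n", changed


def non_tls_entries(text, tls_key="*TLS"):
    """Names of active entries whose encryption key is not *TLS: the post-edit
    check that no entry was missed when a file holds several of them."""
    names = []
    for line in text.splitlines():
        spans = _token_spans(line)
        if len(spans) >= 4 and line[spans[0][0]] != "#":
            if line[spans[2][0]:spans[2][1]] != tls_key:
                names.append(line[spans[1][0]:spans[1][1]])
    return names


_PROPERTY = re.compile(r"\s*([^#=\s][^=]*?)\s*=\s*(.*?)\s*$")


def set_properties(text, wanted):
    """Idempotently set key=value properties: an active line with a wanted key
    but a different value is commented out (kept for rollback), a line that
    already has the wanted value is left alone, and missing keys are appended."""
    out, satisfied = [], set()
    for line in text.splitlines():
        m = _PROPERTY.match(line)
        if m and m.group(1) in wanted:
            key, value = m.group(1), m.group(2)
            if value == wanted[key] and key not in satisfied:
                satisfied.add(key)
                out.append(line)
            else:
                out.append("#" + line)          # e.g. the old ServerTransportProtocol=tcp
            continue
        out.append(line)
    out.extend(f"{k}={v}" for k, v in wanted.items() if k not in satisfied)
    return "\n".join(out) + "\n"


def apply_publishing_server_tls(pronet, mcell, smmgr):
    """Steps 3 to 10 of the Publishing Server procedure applied to file contents."""
    new_mcell, switched = switch_mcell_dir(mcell)
    return {
        "pronet.conf": set_properties(pronet, PRONET_TLS_PROPERTIES),
        "mcell.dir": new_mcell,
        "smmgr.conf": set_properties(smmgr, SMMGR_TLS_PROPERTIES),
        "switched": switched,
        "still_non_tls": non_tls_entries(new_mcell),
    }


if __name__ == "__main__":
    result = apply_publishing_server_tls(SAMPLE_PRONET_CONF, SAMPLE_MCELL_DIR, SAMPLE_SMMGR_CONF)
    for name in ("pronet.conf", "mcell.dir", "smmgr.conf"):
        print(f"--- {name} ---\n{result[name]}")
    print("entries switched:", result["switched"], "still non-TLS:", result["still_non_tls"])
    sys.exit(1 if result["still_non_tls"] else 0)
```

Run it against copies of the real files (read them in, write the returned contents back) with the servers stopped, as the procedure requires; the commented-out mc and tcp lines are what Rolling-back-to-SSL-configuration needs, and a non-zero exit means an entry is still on mc and must be fixed before pw system start.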

 
