Configuring the Publishing Server to Infrastructure Management server communication to enable TLS 1.2


Perform the following steps to configure the Infrastructure Management server to Publishing Server communication to enable TLS 1.2 mode:

To configure the Infrastructure Management server

Perform the following steps to enable the Infrastructure Management server to Publishing Server communication to be TLS compliant:

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the pronet.conf located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Add the following properties in pronet.conf as shown in the following code block:

    pronet.jms.passwd.file=pronto/conf/.ks_pass
    pronet.apps.ipc.ssl.context.pserver.truststore.filename=messagebroker.ts
    pronet.apps.ipc.ssl.context.pserver.keystore.filename=pnserver.ks
    pronet.apps.ipc.ssl.context.pserver.enabledsuites=TLS_RSA_WITH_AES_128_CBC_SHA256
    pronet.apps.ipc.ssl.context.pserver.keystore.passwdfile=pronto/conf/.ks_pass
  4. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.

  5. Comment out any existing instances of the code lines having encryption key value as mc as shown in the following code block:

    #Type                            <name>             encryption key                <host>/<port>
    #cell                      pncell_hostname         mc                pncell_hostname.bmc.com:1828
    #gateway.imcomm              gw_ps_pncell_hostname       mc                    hostname.bmc.com:1839

  6. Add the code lines to set the encryption key value to *TLS as shown in the following code block:

     #Type                            <name>             encryption key               <host>/<port>
     cell                      pncell_hostname        *TLS            pncell_hostname.bmc.com:1828
    gateway.imcomm              gw_ps_pncell_hostname       *TLS                    hostname.bmc.com:1839
  7. Save and close the file.
  8. Using a text editor, open the smmgr.conf located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.

  9. Comment out any existing instance of the code line having ServerTransportProtocol value as tcp as shown in the following code block:

    #ServerTransportProtocol=tcp

  10. Add the code lines to set the ServerTransportProtocol value to tls, and server certificate file name and key values as shown in the following code block:

    ServerTransportProtocol=tls
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key

    Note

    mcell.crt and mcell.key are the names of the cell key and the certificate. If the cell certificate and key names in your Infrastructure Management server are different then use the relevant names in the preceding settings. For more information about how to create cell key and certificate, see Implementing-private-certificates-in-the-TrueSight-Infrastructure-Management.

  11. Save and close the file.

  12. Start the Infrastructure Management Server by running the following command:

    pw system start

Related topic

Troubleshooting BMC Publishing Server

Where to go from here

For more information about how to configure other communication channels to enable TLS 1.2, see Configuring-TrueSight-Infrastructure-Management-to-enable-TLS-1-2.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*