Generating unique self-signed certificates


Complete the following procedures to create a unique self-signed certificate for TrueSight Operations Management.

The resulting certificates follow the latest standard practice for cryptography policy:

  • Key size of 2048 bits
  • Signature algorithm SHA256withRSA
  • Customer-specific details

Creating a new pnca keypair certificate

  1. Create a new pnca keypair certificate by running the following command:

    keytool -genkey -keyalg RSA -alias pnca -keystore keystore_1.ks -storepass get2net -validity 299665 -keysize 2048 -sigalg SHA256withRSA

    This command prompts you for details such as your name and organization, as shown in the following code block. Enter the appropriate values.

  2. What is your first and last name?
    [Unknown]: <FirstName LastName>
    What is the name of your organizational unit?
    [Unknown]: <organizational unit>
    What is the name of your organization?
    [Unknown]: <company>
    What is the name of your City or Locality?
    [Unknown]: <city>
    What is the name of your State or Province?
    [Unknown]: <state>
    What is the two-letter country code for this unit?
    [Unknown]: <country code>
    Is CN=<FirstName LastName>, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?
    [no]: yes

    It creates the file keystore_1.ks with alias pnca.

  3. Export the keystore as pnca.p12 by running the following command:

    keytool -importkeystore -srckeystore keystore_1.ks -destkeystore pnca.p12 -deststoretype PKCS12

    Note

    Use password get2net

  4. Delete the old pnca entry from pnserver.ks by running the following command:

    keytool -delete -alias pnca -keystore pnserver.ks -storepass get2net -storetype JKS
  5. Import pnca.p12 into pnserver.ks by running the following command:

    keytool -importkeystore -deststorepass get2net -destkeypass get2net -destkeystore pnserver.ks -srckeystore pnca.p12 -srcstoretype PKCS12 -srcstorepass get2net -alias pnca

    Note

    Replace the pnca keypair certificate where required (TrueSight Presentation Server, TrueSight Infrastructure Management components) by repeating steps 4-5.


Creating a new pnagent certificate

  1. Create a new pnagent certificate by running the following command:

    keytool -genkey -keyalg RSA -alias pnagent -keystore keystore_2.ks -storepass get2net -validity 299665 -keysize 2048 -sigalg SHA256withRSA

    This command prompts you for details such as your name and organization, as shown in the following code block. Enter the appropriate values.

  2. What is your first and last name?
    [Unknown]: <FirstName LastName>
    What is the name of your organizational unit?
    [Unknown]: <organizational unit>
    What is the name of your organization?
    [Unknown]: <company>
    What is the name of your City or Locality?
    [Unknown]: <city>
    What is the name of your State or Province?
    [Unknown]: <state>
    What is the two-letter country code for this unit?
    [Unknown]: <country code>
    Is CN=<FirstName LastName>, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?
    [no]: yes

    It creates the file keystore_2.ks with alias pnagent.

  3. Export certificate from keystore_2.ks as pnagent.cer by running the following command:

    keytool -export -alias pnagent -file pnagent.cer -keystore keystore_2.ks

    Note

    Use password get2net

  4. Delete the old pnagent entry from pnserver.ks by running the following command:

    keytool -delete -alias pnagent -keystore pnserver.ks -storepass get2net -storetype JKS
  5. Import pnagent.cer into pnserver.ks by running the following command:

    keytool -import -alias pnagent -file pnagent.cer -keystore pnserver.ks -storepass get2net

    Note

    Replace the pnagent certificate where required (TrueSight Presentation Server, TrueSight Infrastructure Management components).

    Follow steps 1-5 to create the rest of the certificates, such as jadmin, pnagenthttps, and mykey.


Creating a new bppmwsgateway keystore

  1. Create a new bppmwsgateway keypair certificate by running the following command:

    keytool -genkey -keyalg RSA -alias bppmwsgateway -keystore keystore_3.ks -storepass get2net -validity 46355 -keysize 2048 -sigalg SHA256withRSA

    This command prompts you for details such as your name and organization, as shown in the following code block. Enter the appropriate values.

  2. What is your first and last name?
    [Unknown]: BPPM REST WS GATEWAY
    What is the name of your organizational unit?
    [Unknown]: <organizational unit>
    What is the name of your organization?
    [Unknown]: <company>
    What is the name of your City or Locality?
    [Unknown]: <city>
    What is the name of your State or Province?
    [Unknown]: <state>
    What is the two-letter country code for this unit?
    [Unknown]: <country code>
    Is CN=BPPM REST WS GATEWAY, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?
    [no]: yes

    It updates the file keystore_3.ks with alias bppmwsgateway.

  3. Export the keypair from keystore_3.ks as bppmwsgateway.p12 by running the following command:

    keytool -importkeystore -srckeystore keystore_3.ks -destkeystore bppmwsgateway.p12 -deststoretype PKCS12

    Note

    Use password get2net

  4. Delete the old bppmwsgateway entry from pnserver.ks by running the following command:

    keytool -delete -alias bppmwsgateway -keystore pnserver.ks -storepass get2net -storetype JKS
  5. Import bppmwsgateway.p12 into pnserver.ks by running the following command:

    keytool -importkeystore -deststorepass get2net -destkeypass get2net -destkeystore pnserver.ks -srckeystore bppmwsgateway.p12 -srcstoretype PKCS12 -srcstorepass get2net -alias bppmwsgateway

Creating a new bmcatriumwsserversslnew certificate

  1. Create a new bmcatriumwsserversslnew certificate by running the following command:

    keytool -genkey -keyalg RSA -alias bmcatriumwsserversslnew -keystore keystore_4.ks -storepass get2net -validity 299665 -keysize 2048 -sigalg SHA256withRSA

    This command prompts you for details such as your name and organization, as shown in the following code block. Enter the appropriate values.

  2. What is your first and last name?
    [Unknown]: ATRIUM WS SSL SERVER
    What is the name of your organizational unit?
    [Unknown]: <organizational unit>
    What is the name of your organization?
    [Unknown]: <company>
    What is the name of your City or Locality?
    [Unknown]: <city>
    What is the name of your State or Province?
    [Unknown]: <state>
    What is the two-letter country code for this unit?
    [Unknown]: <country code>
    Is CN=ATRIUM WS SSL SERVER, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?
    [no]: yes

    It creates the file keystore_4.ks with alias bmcatriumwsserversslnew.

  3. Export certificate from keystore_4.ks as bmcatriumwsserversslnew.cer by running the following command:

    keytool -export -alias bmcatriumwsserversslnew -file bmcatriumwsserversslnew.cer -keystore keystore_4.ks

    Note

    Use password get2net

  4. Delete the old bmcatriumwsserversslnew entry from pnserver.ks by running the following command:

    keytool -delete -alias bmcatriumwsserversslnew -keystore pnserver.ks -storepass get2net -storetype JKS
  5. Import bmcatriumwsserversslnew.cer into pnserver.ks by running the following command:

    keytool -import -alias bmcatriumwsserversslnew -file bmcatriumwsserversslnew.cer -keystore pnserver.ks -storepass get2net
  6. Replace pnagent certificate where required (Integration Services, TrueSight Presentation Server, TrueSight Infrastructure Management components).


Creating a new TunnelAgent certificate

  1. Create a new TunnelAgent certificate by running the following command:

    keytool -genkey -keyalg RSA -alias "bmc proactivenet" -keystore keystore_5.ks -storepass get2net -validity 46355 -keysize 2048 -sigalg SHA256withRSA

    Enter the following details appropriately.

  2. What is your first and last name?
    [Unknown]: <FirstName LastName>
    What is the name of your organizational unit?
    [Unknown]: <organizational unit>
    What is the name of your organization?
    [Unknown]: <company>
    What is the name of your City or Locality?
    [Unknown]: <city>
    What is the name of your State or Province?
    [Unknown]: <state>
    What is the two-letter country code for this unit?
    [Unknown]: <country code>
    Is CN=<FirstName LastName>, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?
    [no]: yes

  3. Export certificate from keystore_5.ks as TunnelAgent.crt by running the following command:

    keytool -export -alias "bmc proactivenet" -file TunnelAgent.crt -keystore keystore_5.ks

    Enter keystore password get2net.
    Certificate stored in file <TunnelAgent.crt>

  4. Copy TunnelAgent.crt to TSIM_HOME\TrueSight\pw\apache\conf
  5. Restart the TrueSight Infrastructure Management Server.

Note

  • Follow steps 1-5 to create the rest of the keystores:
    bmcatriumwsservernew : CN = ATRIUM WS SERVER (first and last name field)
    bmcatriumwsclientnew : CN = ATRIUM WS CLIENT (first and last name field)
  • Import a keypair or a certificate according to the default setting for the respective certificate (for example, pnca is a keypair in pnserver.ks and jadmin is a certificate in pnserver.ks).

    The pnagent, jadmin, pnserver, and pnagenthttps certificates can be found in the following locations:
    • Integration service
      Navigate to path: \TSIMAgent\Agent\pronto\conf\pnagenthttps.ks and pnagent.ks
    • TrueSight Presentation Server


      Navigate to path: \truesightpserver\conf\secure\tspstruststore.ks

    • TrueSight Infrastructure Management


      Navigate to path: \pw\pronto\conf\pnagent.ks, jadmin.ks, pnserver.ks, pnagenthttps.ks
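
To confirm that the regenerated entries meet the policy listed at the top of this page (2048-bit RSA, SHA256withRSA, customer-specific details), the following added example, which is not BMC code, audits the text printed by keytool -list -v. The function names and the sample listing are constructed for illustration, and the field labels are assumed to be those printed by a recent JDK keytool.

```shell
#!/bin/sh
# Added example (not BMC code): audit `keytool -list -v` output against the
# policy stated on this page. Real use (keytool prompts for the password):
#   keytool -list -v -keystore pnserver.ks | check_listing
check_listing() {
  awk '
    function report(   why) {
      if (alias == "") return
      if (sig != "SHA256withRSA") why = why " sigalg=" sig
      if (bits + 0 < 2048)        why = why " keysize=" bits   # missing field also fails
      if (owner ~ /=Unknown/)     why = why " default-DN"      # a prompt left at [Unknown]
      if (why == "") print alias ": OK"
      else { print alias ": FAIL" why; bad = 1 }
    }
    /^Alias name: /                   { report(); alias = substr($0, 13); sig = bits = owner = "" }
    /^Owner: /                        { owner = substr($0, 8) }
    /^Signature algorithm name: /     { sig = $4 }
    /^Subject Public Key Algorithm: / { bits = $5; sub(/-bit/, "", bits) }
    END { report(); exit bad }
  '
}

# Constructed sample listing, trimmed to the fields the check reads.
sample_listing() {
  cat <<'EOF'
Alias name: pnca
Entry type: PrivateKeyEntry
Owner: CN=Jane Doe, OU=Operations, O=Example Corp, L=Austin, ST=Texas, C=US
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: bmc proactivenet
Entry type: PrivateKeyEntry
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: mykey
Entry type: trustedCertEntry
Owner: CN=Jane Doe, OU=Operations, O=Example Corp, L=Austin, ST=Texas, C=US
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}

sample_listing | check_listing || true
```

The function exits non-zero when any alias fails, so it can gate a deployment script; run it against each keystore listed above after replacing the certificates.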

 
