Rolling back to SSL configuration

By default, TrueSight Infrastructure Management and its associated components use Transport Layer Security (TLS) versions earlier than TLS 1.2 to communicate with each other. BMC provides an option to upgrade the security in your enterprise environment by using TLS 1.2 to communicate with TrueSight Infrastructure Management components. If you have configured the system to be TLS 1.2 compliant and subsequently want to roll back to the default configuration the following section guides you to achieve the same. 

There are different communication channels established between the components of the TrueSight Infrastructure Management components. Perform the roll back operations per communication channel. Select the communication channel which you want to roll back and perform the tasks accordingly. To roll back to default configuration, complete the procedures by navigating the following tabs. The following table lists the abbreviations and their definitions used in the tabs.

Abbreviation

Definition

TSIM

TrueSight Infrastructure Management

TSPS

TrueSight Presentation Server

IS

TrueSight Integration Service

PA

BMC PATROL Agent

IIWS

BMC Impact Integration Web Services

PS

BMC Publishing Server


Perform the following steps to roll back the Infrastructure Management Server to the Presentation Server communication to default configuration:

To configure the Presentation Server

  1. Navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory, and run the following command to check whether the TrueSight Presentation Server is running. 

    tssh server status

    Note

    Ensure that the TrueSight Presentation Server is running before proceeding further.

  2. Log on to the TrueSight console and select Administration> Components.

    Displays the components that are registered with the Presentation Server. Ensure that no TrueSight Infrastructure Management Server is registered with the TrueSight Presentation Server. If a TrueSight Infrastructure Management Server is registered delete the same. For more information, see To delete a component

  3. Set the property in the database by running the following command:

    tssh properties set tsps.cell.conntype tcp
    tssh properties set pronet.jms.conntype tcp
  4. Using a text editor, open mcell.dir file located in <Presentation Server Install Directory>\conf directory.

  5. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                              <name>             encryption key           <host>/<port>
    #gateway.gateway_subtype   ts_event_gateway           *TLS               localhost:1900
    #cell                         pncell_tsim_server1          *TLS            tsim_server1.bmc.com:1828   

  6. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    gateway.gateway_subtype     ts_event_gateway        mc               localhost:1900
    cell                         pncell_tsim_server1        mc            tsim_server1.bmc.com:1828   

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • Replace the localhost by the computer name on which the Presentation Server is running
    • tsim_server1 is the name of TrueSight Infrastructure Management Server registered with the TrueSight Presentation Server. If there are multiple Infrastructure Management Server entries in the mcell.dir file, change the encryption key to mc for all such entries.
  7. Save and close the file.

  8. Stop the Presentation Server by running the following command:

    tssh server stop

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory location.
  3. Open the tcp.activemq-rar.rar file and extract the amq-broker-config.xml file.
  4. Take a backup of the amq-broker-config.xml file.

  5. In the amq-broker-config.xml file, update the URI attribute of transportConnector property to the new port number as shown in the following example:tcp_amq_port.png

    Note

    In the preceding example the port number is set to 8093. If you are using a different port, then set the port number accordingly.

  6. After the change, save the amq-broker-config.xml file and add it to the tcp.activemq-rar.rar file in the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory again.

  7. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory by running the following command:

    # Microsoft Windows operating system
    $cd <Infrastructure Management Server Install Directory>\pw\pronto\bin
    # Unix operating system
    $cd <Infrastructure Management Server Install Directory>/pw/pronto/bin

  8. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax perl switchTLSMode.pl -<on/off> -flow <communication channel> -tsps <TrueSight Presentation Server name>

    #Example
    perl switchTLSMode.pl -off -flow event_and_data -tsps myserver.bmc.com

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: off option disables TLS configuration and enables the defaulttcp/ssl configuration.
    • -flow: If the flow is set to event_and_data, the Infrastructure Management Server to Presentation Server is communication channel is selected.
    • TrueSight Presentation Server name: This is the fully qualified domain name (FQDN) of the computer where the Presentation Server is installed.
    • -h: This is an optional parameter, it displays the help for the the switchTLSMode.pl command

To start the servers

  1. Start the Presentation Server by running the following command:

    tssh server start

  2. Start the Infrastructure Management Server by running the following command:

    pw system start

To register the Infrastructure Management Server with the Presentation Server

  1. Ensure that all the processes of the Infrastructure Management Server are up by running the following command:

    pw p l

  2. Register the Infrastructure Management Server with the Presentation Server. For more information, see Registering the component products with the Presentation Server.

Perform the following steps to roll back the Integration Service to Infrastructure Management Server communication to default configuration. Select the steps based on the type of the Integration Service.

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the conntype value as ssltcpas shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp

  4. Set the conntype value to tcp as shown in the following code block:

    #Configuration settings to roll back the default configuration between Infrastructure Management Server to Local Integration Service
    pronet.apps.agent.conntype=tcp

    Note

    Modify the file present in the pw\custom\conf directory, if it is a local Integration Service.

  5. Save and close the file.

To configure the remote Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp

  4. Set the conntype value to tcp as shown in the following code block:

    pronet.apps.agent.conntype=tcp
  5. Save and close the file.

  6. Stop the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

  7. Using a text editor, open pronet.conf file located in <Integration Service Install directory>\agent\pronto\conf directory.

  8. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp

  9. Set the conntype value to tcp as shown in the following code block:

    pronet.apps.agent.conntype=tcp

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service. 

  10. Save and close the file.

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start

  2. Start the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

The following section guides you to configure the Integration Service to Cell communication to enable default configuration. Choose the appropriate configuration steps based on the type (local / remote) of the Integration Service and the cell used.

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryptionkey value as *TLS as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=*TLS

  4. Set the encryptionkey value to mc as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=mc
  5. Save and close the file.
  6. Using a text editor, open mcell.dir file located in <Infrastructure Management Server Install directory>\pw\server\etc directory.

  7. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>               encryption key               <host>/<port>
    #cell_1                     pncell_tsim_server1           *TLS                   cell_1.bmc.com:1828
    #cell                            HA_Cell                  *TLS                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

  8. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key            <host>/<port>
    cell_1                     pncell_tsim_server1           mc                 cell_1.bmc.com:1828
    cell                            HA_Cell                  mc                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following notes:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary High Availability cell host names.

To configure the remote Integration Service

  1. Log in to the computer where the remote Integration Service is installed, and stop the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

  2. Using a text editor, open pronet.conf file located in <Integration Service Install directory>\agent\pronto\conf directory.

  3. Comment out the instance of the code line having the encryptionkey value as *TLS as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=*TLS

  4. Set the encryptionkey value to mc as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=mc

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service. 

  5. Save and close the file.
  6. Using a text editor, open mcell.dir file located in <Integration Service Install directory>\Agent\server\etc directory.

  7. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>               encryption key              <host>/<port>
    #cell_1                     pncell_tsim_server1           *TLS                 cell_1.bmc.com:1828
    #cell                            HA_Cell                  *TLS                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

  8. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key            <host>/<port>
    cell_1                     pncell_tsim_server1           mc                 cell_1.bmc.com:1828
    cell                            HA_Cell                  mc                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following section:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary High Availability cell host names.
  9. Save and close the file.

To configure the default Infrastructure Management Cell

  1. Stop the cell service

    • (Unix) Run the following command:

      mkill -n cellname
    • (Microsoft Windows) Navigate to Start > Settings > Control Panel.
      1. Double-click the Services icon to launch the Services dialog box.
      2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
      3. Click Yes to close the warning message that is displayed. 
        The status for the cell service changes from Started to (blank).
  2. Using a text editor, open mcell.conf file located in <Infrastructure Management Server Install Directory>\pw\server\etc\pncell_<TSIM_MACHINE_NAME> directory.

  3. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls

  4. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  5. Save and close the file.

To configure a remote Cell

  1. Logon to the computer where the remote cell is installed.
  2. Stop the cell service.

    • (Unix) Run the following command:

      mkill -n cellname
    • (Microsoft Windows) Navigate to Start > Settings > Control Panel.
      1. Double-click the Services icon to launch the Services dialog box.
      2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
      3. Click Yes to close the warning message that is displayed. 
        The status for the cell service changes from Started to (blank).
  3. Using a text editor, open mcell.conf file located in <Remote Cell Install Directory>\pw\server\etc\cell_name directory.

  4. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls

  5. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  6. Save and close the file.

To start the servers

  1. Start the cell service:

    1. (Unix) Run the following command:

      mcell -n cellname
    2. (Microsoft Windows) Navigate to Start > Settings > Control Panel.
      1. Double-click the Services icon to launch the Services dialog box.
      2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Restart
      3. Click Yes to close the warning message that is displayed. 
        The status for the cell service changes to Started from (blank).

  2. Start the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.


Note

The Integration Service restart is applicable only to the remote Integration Service. The local Integration Service is restarted automatically along with the Infrastructure Management Server.

Perform the following steps to roll back the Infrastructure Management Server to Oracle database communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop

  2. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax
    perl switchTLSMode.pl -<on/off> -flow <communication channel> -dbport <Oracle Database port> -dbver <Oracle Database version>

    #Example
    perl switchTLSMode.pl -off -flow oracle -dbport 1521 -dbver 19C

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: off option disables TLS mode of communication and enables the defaulttcp/ssl configuration.
    • -flow: oracle option will select the Infrastructure Management Server to Oracle database communication channel.
    • -dbport: Provide the port number that is configured for the Oracle database communication.
    • -dbver: Provide the Oracle database version. There are two compatible Oracle database versions: 12C, 19C

  3. Open the pronet.conf file in the <Infrastructure Management Server Install directory>\pw\custom\conf directory, and verify that the configuration parameters are set as shown in the following code block:

    pronet.api.database.portnum=1521
    #Configuration settings to make TLS compliant
    pronet.api.database.conntype=tcp
  4. Verify that the JDBC driver ojdbc7_patched.jar is copied in the <TrueSight Installation Directory>\pw\apps3rdparty\jdbc directory.

  5. Start the Infrastructure Management Server by running the following command:

    pw system start

Perform the following steps to roll back the PATROL Agent to Integration Service communication to default configuration. 

To configure the remote Integration Service

  1. Stop the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

  2. Navigate to the <Remote Integration Service Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:

    # Microsoft Windows operating system
    $cd <Remote Integration Service install directory>\agent\patrol\common\security\config_v3.0

    # Unix operating system
    $cd <Remote Integration Service install directory>/agent/patrol/common/security/config_v3.0

  3. Run the following command:

    #Syntax
    set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
    #Example
    $set_unset_tls_IS.cmd <Remote Integration Service Install Directory> UNSET_TLS 2 -serverDbPath "C:\Certificates\server_db" -identity "PatrolServer - BMC"

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop

  2. Navigate to the <Infrastructure Management Server Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:

    # Microsoft Windows operating system
    $cd <Infrastructure Management Server Install Directory>\pw\patrol\common\security\config_v3.0

    # Unix operating system
    $cd <Infrastructure Management Server Install Directory>/pw/patrol/common/security/config_v3.0

  3. Run the following command:

    #Syntax
    set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
    #Example
    $set_unset_tls_IS.cmd <Infrastructure Management Server Install Directory>\pw  UNSET_TLS 2 -serverDbPath "C:\Certificates\server_db" -identity "PatrolServer - BMC"

Parameter description

The following notes describe the key parameters used in the preceding command:

  • Use the set_unset_tls_IS.cmd script on the Microsoft Windows operating system, and the set_unset_tls_IS.sh script on the Unix operating system.
  • set_unset_tls.sh -h will display the help for the set_unset_tls_IS command.
  • There are six command line arguments for the set_unset_tls_IS script as explained in the following section:
    • $BMC_ROOT: The directory where the Integration Service is installed.
    • SET_TLS / UNSET_TLS: The second command line argument can either be SET_TLS, or UNSET_TLS. If you select SET_TLS, the Integration Service is configured in TLS mode. If you select UNSET_TLS, the Integration Service is configured in Non-TLS mode.
    • security_level: Applicable security levels are 2,3, and 4. The current value of this variable represents the security level at which the Integration Service is running.
    • serverDbPath: The directory where the server certificates are present. This argument is mandatory for all the security_levels of the Integration Service.
    • identity: The certificate identity. If you do not specify any value to this argument, the default value is set to "PatrolServer - BMC".

To configure the PATROL Agent

By default, the PATROL Agent uses either Transmission Control Protocol (TCP) or Secure Sockets Layer (SSL) protocol for communication. BMC provides an option to configure the PATROL Agent to enable TLS 1.2. If you have configured the system to be TLS 1.2 compliant and subsequently want to roll back to the default configuration the following section guides you to achieve the same. 

  1. Navigate to the config_v3.0 folder by running the following command:

    # Microsoft Windows operating system
    $cd <PATROL Agent installation directory>\common\security\config_v3.0
     
    # Unix operating system
    $cd <PATROL Agent installation directory>/common/security/config_v3.0

  2. Run the script to disableTLS mode as shown in the following code block:

    #Syntax
    set_unset_tls.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -clientDbPath <clientDbPath> -identity <identity>
    #Example
    $set_unset_tls.cmd "C:\Program Files (x86)\BMC Software" UNSET_TLS 0 -serverDbPath "C:\Certificates\server_db" -clientDbPath "C:\Certificates\client_db" -identity bmcpatrol

    Notes

    • Use set_unset_tls.cmd script on the Microsoft Windows operating system, and set_unset_tls.sh script on the Unix operating system.

    • When you run the set_unset_tls.sh script on AIX and HP-UX operating systems to enable TLS 1.2, the system creates symbolic links for Mozilla NSS v3.20 libraries in the default system library directory /usr/lib.

    • set_unset_tls.sh -h will display the help for the set_unset_tls command.
    • There are six command line arguments for the set_unset_tls script as explained in the following section:
      • BMC_ROOT: The directory where the PATROL Agent is installed.
      • SET_TLS / UNSET_TLS: The second command line argument can either be SET_TLS, or UNSET_TLS. If you select SET_TLS, the PATROL Agent is configured in TLS mode. If you select UNSET_TLS, the PATROL Agent is configured in Non-TLS mode.
      • security_level: Applicable security levels are 2,3, and 4.
      • serverDbPath: The directory where the server certificates are present. This argument is mandatory if the security_level is set to 3.
      • clientDbPath: The directory where the client certificates are present. This argument is mandatory if the security_level is set to 3.
      • identity: The certificate identity. If you do not specify any value to this argument, the default value is set to bmcpatrol.

To start the servers

Restart the following servers based on the Integration Service type.

  1. Start the Integration Service:

  2. Start the PATROL Agent by running the following command:

    #If you do not specify the port number, the PATROL Agent will use the default port number, 3181.
    patrolagent -p <port number>

    For more information, see Starting and stopping the PATROL Agent.

Perform the following steps to roll back the Infrastructure Management Server to BMC Impact Integration Web Services (IIWS) communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\server\etc directory.

  3. Comment out the instance of the code line having the encryption key value as *TLS as shown in the following code block:

    #gateway.imcomm    IIWSGatewayServer    *TLS    IIWSGatewayServer.bmc.com:1859

  4. Set the encryption key as shown in the following code block:

    gateway.imcomm    IIWSGatewayServer    mc    IIWSGatewayServer.bmc.com:1859

    Note

     IIWSGatewayServer is the name of the host computer where the BMC Impact Integration Web Services is installed.

  5. Save and close the file.

To configure the BMC Impact Integrations Web Services server

  1. Navigate to the  <Impact Web Services installation directory>\tomcat\webapps\imws\WEB-INF\etc directory by running the following command:

    # Microsoft Windows operating system
    $cd <Impact Web Services installation directory>\tomcat\webapps\imws\WEB-INF\etc

    # Unix operating system
    $cd <Impact Web Services installation directory>/tomcat/webapps/imws/WEB-INF/etc
  2. Using a text editor, open the mcell.dir file.

  3. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #type                                     Name                              encryption key                       <Host>:1828
    #gateway.imcomm                         IIWSGatewayServer                       *TLS                           localhost:1859
    #cell                                   pncell_tsim_server                      *TLS                           tsim_server.bmc.com:1828

  4. Set the encryption key value to mc as shown in the following code block:

    #syntax
    #type                                     Name                            encryption key                       <Host>:1828
    #example
    gateway.imcomm                         IIWSGatewayServer                       mc                           localhost:1859
    cell                                   pncell_tsim_server                      mc                           tsim_server.bmc.com:1828

    Note

    • Replace the localhost by the computer name where the IIWS server is installed.
    • tsim_server is the name of the host computer where the Infrastructure Management Server is installed.
  5. Save and close the file.

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Restart the IIWS server by running the following commands:
    1. From the desktop or Start menu, navigate to Services.
    2. To stop the server, select the BMC Impact Integration Web Services service, and right-click to open the menu. The service name is BMCIWS, and the display name is Impact Integration Web Service.
    3. To stop the application server, select Stop.

Perform the following steps to roll back the Infrastructure Management Server to BMC TrueSight Operations Management Reporting communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryption key value as *TLS as shown in the following code block:

     #Type                            <name>             encryption key             <host>/<port>
    #cell                      ts_event_gateway        *TLS                localhost:1900   

  4. Set the encryption key value to mc as shown in the following code block:

     #Type                            <name>             encryption key         <host>/<port>
     cell                      ts_event_gateway        mc                localhost:1900   
  5. Save and close the file.

To configure the BMC TrueSight Operations Management Reporting

  1. Stop the Reporting engine service. For more information, see Stopping the Reporting Engine service.

  2. Navigate to the reportsCLIdirectory by running the following command:

    # Microsoft Windows operating system
    $cd <TrueSight Operations Management Reporting Install directory>\bin\reportsCLI

    # Unix operating system
    $cd <TrueSight Operations Management Reporting Install directory>/bin/reportsCLI

  3. Run the command as shown in the following code block:

    TLSConfig disable -keystore <keystorefile> -keystorepassword <keystore password> -truststore <truststorefile> -truststorepassword <truststore password>

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • <keystorefile>: The path and the file name of the keystore
    • <keystore password>: Password for the keystore
    • <truststorefile>: The path and the file name of the truststore
    • <truststore password>: Password for the truststore

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start

  2. Restart the TrueSight Operations Management Reporting component. For more information, see Starting the TrueSight Operations Management Reporting Engine service

Perform the following steps to roll back the Publishing Server to Infrastructure Management server communication to default configuration.

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>              encryption key                    <host>/<port>
    #cell                      pncell_hostname         *TLS                 pncell_hostname.bmc.com:1828
    #gateway.imcomm              gw_ps_pncell_hostname       *TLS                      hostname.bmc.com:1839

  4. Set the encryption key value to mc as shown in the following code block:

     #Type                            <name>             encryption key               <host>/<port>
     cell                      pncell_hostname        mc                 pncell_hostname.bmc.com:1828
    gateway.imcomm              gw_ps_pncell_hostname       mc                      hostname.bmc.com:1839
  5. Save and close the file.
  6. Using a text editor, open the smmgr.conf located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.

  7. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls

  8. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  9. Save and close the file.

  10. Start the Infrastructure Management Server by running the following command:

    pw system start

Where to go from here

Securing-communication-among-Infrastructure-Management-components

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*