Limited support

BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI DevOps for Db2 13.1.

How BMC AMI DevOps performs SSL certificate validation


BMC AMI DevOps uses the HTTPS protocol with the SSL security protocol. HTTPS secures the communication between the deployment tool (Jenkins, UrbanCode Deploy, or HCL Launch) and the mainframe server. SSL establishes an encrypted link between the deployment tool and the mainframe server. This link ensures that all data passed between the mainframe server and the deployment tool is private and encrypted.

The deployment tool requires the mainframe server to authenticate itself by way of the SSL protocol. This process is called an SSL handshake. The server sends the deployment tool an SSL certificate to authenticate itself. The deployment tool validates the root of the SSL certificate against the list of root certificates of trusted Certificate Authorities (CAs) available in its truststore. This validation process:

  • Verifies that the server's certificate is signed by the same CA that has issued a root certificate available in the truststore.
  • Checks whether the certificate is valid (not expired), not revoked, and that its common name is valid for the website or host name to which it is connecting.

For a successful SSL certificate validation, you must install the CA root certificate of the mainframe server in one of the following truststores. The environment in which you execute the deployment must contain one of these truststores.

  • An existing truststore defined by the following system properties:
    • javax.net.ssl.trustStore as the file path of the truststore
    • javax.net.ssl.trustStorePassword as the truststore password
  • The java-home/lib/security/jssecacerts file
  • The java-home/lib/security/cacerts file

Important

The java-home variable represents the directory in which the Java Runtime Environment (JRE) is installed.
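The following added example (not BMC code) resolves the truststore in the order the default JSSE trust manager uses, which matches the list above, and reports whether a matching CA root is present and unexpired. The class name TrustStoreCheck and the subject-DN fragment passed as the first argument are assumptions; run it with the same JRE and -D system properties as the deployment tool.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class TrustStoreCheck {

    // Lookup order: javax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null && !prop.isEmpty()) {
            return new File(prop);
        }
        File secDir = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(secDir, "jssecacerts");
        return jssecacerts.isFile() ? jssecacerts : new File(secDir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is part of the CA root's subject DN, e.g. "CN=Example Mainframe CA".
        String wanted = args.length > 0 ? args[0].toLowerCase() : "";
        File store = resolveTrustStore();
        // "changeit" is the JRE default cacerts password; the system property overrides it.
        char[] pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(store, pw); // Java 9+: detects JKS or PKCS12
        System.out.println("Truststore in use: " + store + " (" + ks.size() + " entries)");

        Date now = new Date();
        int matches = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            // Only trusted-certificate entries act as trust anchors.
            if (!ks.isCertificateEntry(alias) || !(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            String subject = x509.getSubjectX500Principal().getName();
            if (!subject.toLowerCase().contains(wanted)) continue;
            matches++;
            String flag = now.after(x509.getNotAfter()) ? "  EXPIRED" : "";
            System.out.printf("%s%n  subject=%s%n  notAfter=%s%s%n",
                    alias, subject, x509.getNotAfter(), flag);
        }
        if (matches == 0) {
            System.out.println("No trusted certificate matches '" + wanted + "' in " + store);
            System.exit(1);
        }
    }
}
```

With Java 11 or later it can be run directly as `java TrustStoreCheck.java "CN=..."`; a non-zero exit code means no trusted certificate with that subject fragment was found in the truststore the JVM would use.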

The SSL certificate validation occurs by default unless you change the value of the TSFLAG variable to FALSE in the plug-in variables file. For more information, see Sample-plug-in-variables-file-AMI_DevOps-properties.

 
