Creating a public key infrastructure (PKI) trust store



A trust store contains certificates used for operator and administrator authentication. When an MVCA viewer or CCS client connects and requires client certificates, the PKI trust store is accessed to ensure that the user's client certificate is requested and validated using the root certificates in the BMC AMI Ops Console Management certificate trust store.

To create a trust store

  1. Log in to your Linux server using an SSH shell or PuTTY.
  2. Issue the following command:

    /usr/iocinst/bin/mvcm_trust_create
  3. Obtain the certificate chain that you use to sign operator certificates from your certification authority.
  4. Copy the certificates to: /usr/iocinst/hgc/security.
  5. Import the certificate chain using the following command:

    /usr/iocinst/bin/mvcm_trust_import <certificate file>

    Important

    For <certificate file>, use the name of the PEM file you received from your certificate authority.

  6. Edit all CCS servers and BMC AMI Ops Console Automation servers, and then select the Require Client Certificates option.
  7. Restart all CCS servers and MVCA servers.
  8. Reboot the Linux server to ensure the services are restarted with the new settings.
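
A pre-import check for the PEM file handled in steps 3 to 5, as an added example that is not part of the BMC documentation: it confirms the file contains only certificate blocks (no private key) and lists SHA-256 fingerprints to compare with values obtained from the certificate authority out of band. The function names are hypothetical, the sample blocks are constructed placeholder bytes rather than real certificates, and the check covers PEM framing and fingerprints only, not X.509 contents.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def bundle_fingerprints(pem_text):
    """SHA-256 fingerprint (hex) of each CERTIFICATE block, in file order.

    Raises ValueError if the file holds anything other than certificates,
    in particular a private key, which does not belong in a trust store.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM blocks found")
    prints = []
    for label, body in blocks:
        if label != "CERTIFICATE":
            raise ValueError("unexpected PEM block: " + label)
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def unapproved(pem_text, approved):
    """Fingerprints in the bundle that are missing from the approved set."""
    # Accept both plain hex and the colon-separated uppercase form.
    wanted = {a.replace(":", "").lower() for a in approved}
    return [fp for fp in bundle_fingerprints(pem_text) if fp not in wanted]

def pem_block(label, data):
    """Build a PEM block around raw bytes (used only for the constructed sample)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(data).decode()}-----END {label}-----\n"

# Constructed sample: placeholder bytes, not real certificates.
CONSTRUCTED_ISSUING = b"constructed issuing CA bytes"
CONSTRUCTED_ROOT = b"constructed root CA bytes"
SAMPLE_BUNDLE = pem_block("CERTIFICATE", CONSTRUCTED_ISSUING) + pem_block("CERTIFICATE", CONSTRUCTED_ROOT)

if __name__ == "__main__":
    # Stands in for the fingerprint list published by the CA (assumption).
    approved = {hashlib.sha256(CONSTRUCTED_ROOT).hexdigest()}
    for fp in bundle_fingerprints(SAMPLE_BUNDLE):
        print(fp)
    print("not approved:", unapproved(SAMPLE_BUNDLE, approved))
```

Run the import command only when `unapproved` returns an empty list for the file received from the certificate authority.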

 
