Skip to Content
Information

This site will undergo a brief period of maintenance on Friday, 18 December at 12:30 AM Central/12:00 PM IST. During a 30 minute window, site availability may be intermittent.

Enabling TLS authentication between AMI Manager and the user interface

Use one of these procedures to enable TLS for communication between AMI Manager and the user interface:

Warning

Note

You must enable TLS authentication between AMI Manager and the user interface before you start using BMC AMI Ops Insight.

Before you begin

To configure TLS, you need a digital certificate. You should have obtained or generated one before you installed. See TLS Authentication for more details. 

Success

Best practice

  • Copy the amipdt.properties file from <Installation_Folder>/amipdt/bin to the user_home folder and then modify it so that it doesn’t get overwritten when you apply updates.
  • Copy the keystore to the user_home folder so that it doesn't get overwritten when you apply updates.

To implement a certificate issued by a Certificate Authority (CA)

  1. Copy the keystore to the <Installation_Folder>/amipdt/keystore folder or any path to which the user running the product has access.

  2. Modify the SSL CONFIGURATION block in the <Installation_Folder>/amipdt/bin/amipdt.properties file with the values used to generate the certificate.
    Default Block of Commented Properties in amipdt.properties

    SSL Configuration block before modifying
    #SSL CONFIGURATION - Uncomment this if you want to apply your certificate
    # The path to the keystore containing the certificate
    #KEYSTORE_PATH=<KEYSTORE_PATH>
    # The password used to generate the certificate
    #KEYSTORE_PWD=<KEYSTORE_PWD>
    # The alias mapped to the certificate
    #KEY_ALIAS=<KEY_ALIAS>
    Modified SSL Configuration block
    #SSL CONFIGURATION - Uncomment this if you want to apply a certificate
    # The path to the keystore containing the certificate
    KEYSTORE_PATH=<Absolute path of keystore file>
    # The password used to generate the certificate
    KEYSTORE_PWD=<password>
    # The alias mapped to the certificate
    KEY_ALIAS=amioi
  3. Start BMC AMI Ops Insight.

To implement a self-signed certificate

  1. Create a self-signed certificate using the keytool command under java/bin or jre/bin and add it to the PKCS12 keystore.

    Information
    Example

    keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 -validity 3650 -keypass <password> -storepass <password> -storetype PKCS12 -keystore ssl-store.p12

  2.  Copy the generated keystore to the <Installation_Folder>/amipdt/keystore folder.

  3. Modify the SSL CONFIGURATION block in the <Installation_Folder>/amipdt/bin/amipdt.properties file with the values you used to generate the certificate.

    SSL Configuration block before modifying
    #SSL CONFIGURATION - Uncomment this if you want to apply your certificate
    # The path to the keystore containing the certificate
    #KEYSTORE_PATH=<KEYSTORE_PATH>
    # The password used to generate the certificate
    #KEYSTORE_PWD=<KEYSTORE_PWD>
    # The alias mapped to the certificate
    #KEY_ALIAS=<KEY_ALIAS>
    Modified SSL Configuration block
    #SSL CONFIGURATION - Uncomment this if you want to apply a certificate
    # The path to the keystore containing the certificate
    KEYSTORE_PATH=<Installation_Folder>/amipdt/keystore/ssl-store.p12
    # The password used to generate the certificate
    KEYSTORE_PWD=<password>
    # The alias mapped to the certificate
    KEY_ALIAS=selfsigned
  4. Start BMC AMI Ops Insight.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Ops Insight 1.0