Enabling TLS authentication between AMI Manager and the user interface


Use one of these procedures to enable TLS for communication between AMI Manager and the user interface:

Note

You must enable TLS authentication between AMI Manager and the user interface before you start using BMC AMI Ops Insight.

Before you begin

To configure TLS, you need a digital certificate. You should have obtained or generated one before installing the product. See TLS Authentication for more details.

Best practice

  • Copy the amipdt.properties file from <Installation_Folder>/amipdt/bin to the user_home folder and modify the copy, so that your changes are not overwritten when you apply updates.
  • Copy the keystore to the user_home folder so that it doesn't get overwritten when you apply updates.

To implement a certificate issued by a Certificate Authority (CA)

  1. Copy the keystore to the <Installation_Folder>/amipdt/keystore folder or any path to which the user running the product has access.
  2. Modify the SSL CONFIGURATION block in the <Installation_Folder>/amipdt/bin/amipdt.properties file with the values used to generate the certificate.
    Default Block of Commented Properties in amipdt.properties

    SSL Configuration block before modifying
    #SSL CONFIGURATION - Uncomment this if you want to apply your certificate
    # The path to the keystore containing the certificate
    #KEYSTORE_PATH=<KEYSTORE_PATH>
    # The password used to generate the certificate
    #KEYSTORE_PWD=<KEYSTORE_PWD>
    # The alias mapped to the certificate
    #KEY_ALIAS=<KEY_ALIAS>

    Modified SSL Configuration block
    #SSL CONFIGURATION - Uncomment this if you want to apply a certificate
    # The path to the keystore containing the certificate
    KEYSTORE_PATH=<Absolute path of keystore file>
    # The password used to generate the certificate
    KEYSTORE_PWD=<password>
    # The alias mapped to the certificate
    KEY_ALIAS=amioi
  3. Start BMC AMI Ops Insight.

To implement a self-signed certificate

  1. Create a self-signed certificate using the keytool command under java/bin or jre/bin and add it to the PKCS12 keystore.

    Example

    keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 -validity 3650 -keypass <password> -storepass <password> -storetype PKCS12 -keystore ssl-store.p12

  2. Copy the generated keystore to the <Installation_Folder>/amipdt/keystore folder.
  3. Modify the SSL CONFIGURATION block in the <Installation_Folder>/amipdt/bin/amipdt.properties file with the values you used to generate the certificate.

    SSL Configuration block before modifying
    #SSL CONFIGURATION - Uncomment this if you want to apply your certificate
    # The path to the keystore containing the certificate
    #KEYSTORE_PATH=<KEYSTORE_PATH>
    # The password used to generate the certificate
    #KEYSTORE_PWD=<KEYSTORE_PWD>
    # The alias mapped to the certificate
    #KEY_ALIAS=<KEY_ALIAS>

    Modified SSL Configuration block
    #SSL CONFIGURATION - Uncomment this if you want to apply a certificate
    # The path to the keystore containing the certificate
    KEYSTORE_PATH=<Installation_Folder>/amipdt/keystore/ssl-store.p12
    # The password used to generate the certificate
    KEYSTORE_PWD=<password>
    # The alias mapped to the certificate
    KEY_ALIAS=selfsigned
  4. Start BMC AMI Ops Insight.
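
The following check is an added example, not part of the BMC product or its documentation. Run it against the edited amipdt.properties file before starting BMC AMI Ops Insight: it confirms that the three SSL properties are uncommented and free of template placeholders, that the properties file (which holds KEYSTORE_PWD in clear text) and the keystore are accessible only to their owner, and, when keytool is on the PATH, that KEY_ALIAS exists in the keystore. The function names and the owner-only permission policy are assumptions of this example; it also assumes both files are owned by the user that runs the product.

```shell
#!/bin/sh
# Added example (not vendor code): lint the SSL CONFIGURATION block.
# Usage: check_ssl_block /path/to/amipdt.properties   (returns 0 when all checks pass)

# Value of the last uncommented KEY=value line, surrounding blanks trimmed.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# True when the ls mode string shows any group or other permission bit.
loose_perms() {
    [ "$(ls -ldL -- "$1" | cut -c5-10)" != "------" ]
}

# Report a finding on stderr and mark the overall result as failed.
fail() { echo "FAIL: $*" >&2; rc=1; }

check_ssl_block() {
    props=$1; rc=0
    [ -r "$props" ] || { fail "cannot read $props"; return 1; }
    ks=$(prop "$props" KEYSTORE_PATH)
    pw=$(prop "$props" KEYSTORE_PWD)
    al=$(prop "$props" KEY_ALIAS)
    for kv in "KEYSTORE_PATH=$ks" "KEYSTORE_PWD=$pw" "KEY_ALIAS=$al"; do
        case ${kv#*=} in
            '')        fail "${kv%%=*} is missing or still commented out" ;;
            *'<'*'>'*) fail "${kv%%=*} still contains a <placeholder>" ;;
        esac
    done
    # KEYSTORE_PWD is stored in clear text, so only the owner should have access.
    if loose_perms "$props"; then fail "$props is accessible to group/others"; fi
    if [ ! -f "$ks" ]; then
        fail "keystore '$ks' not found"
    elif loose_perms "$ks"; then
        fail "$ks is accessible to group/others"
    fi
    # Confirm alias and password against the keystore when keytool is available.
    # -storepass:env keeps the password out of the process argument list.
    if [ "$rc" -eq 0 ] && command -v keytool >/dev/null 2>&1; then
        ( KS_PWD=$pw; export KS_PWD
          keytool -list -keystore "$ks" -storepass:env KS_PWD \
                  -alias "$al" >/dev/null 2>&1 ) ||
            fail "alias '$al' not listed in $ks (wrong alias or password)"
    fi
    return "$rc"
}
```

If a check reports loose permissions, restricting both files with chmod 600 clears it.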

 
