Writer instructions

Page title

For most spaces, this page must be titled Space announcements.

For spaces with localized content, this page must be titled Space announcements l10n.

Purpose

Provide an announcement banner on every page of your space.

Location

Move this page outside of your home branch.

Guidelines

Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see MainView Middleware Monitor 9.2.

MainView Middleware Monitor services keys and certificates

If the use_internal_certificates configuration parameter is set to MainView Middleware Monitor generates its own keys and certificates.

Note

On first starting with the use_internal_certificates parameter set to true the 

MVMM

Application Service generates a root key, and stores it in bmtmTunnelRootKeyStore.jks, and it generates its runtime services keys and stores them in bmtmTunnelServiceKeyStore.jks.

You must immediately take the following actions to secure the key stores:

  • Use the Java keytool to change the keystore and key entry passwords.
  • Change the key passwords and keystore password for the tunnel service key store.

    % keytool –storepasswd –keystore bmtmTunnelServiceKeyStore.jks
  • The key passwords and the keystore password must be identical.

    % keytool –keypasswd –alias bmtmservices –keystore bmtmTunnelServiceKeyStore.jks
    % keytool –keypasswd –alias bmtmsigningservice –keystore bmtmTunnelServiceKeyStore.jks
  • Set ssl_keystore_password in Services.cfg. Use the provided OBFPassword tool to obfuscate the password. 
  • Set ssl_truststore_password in Services.cfg. Use the provided OBFPassword tool to obfuscate the password.
  • The MainView Middleware Monitor Services require no runtime access to the root key store, so it can be removed entirely (but it should be retained)

During agent deployment, trusted certificates from the MainView Middleware MonitorServices trust store are made available to the deployed agents in its trust store. MainView Middleware Monitor Agents deployed this way require no further configuration for server authentication.

If client authentication is required each agent must be explicitly authenticated to the MainView Middleware Monitor Services after is has been deployed, as described in the following section.

MainView Middleware Monitor Agent certificates can be revoked (if, for example, an agent key is compromised, you might want to ensure no entity can connect using that compromised certificate). certTool, provided in the MainView Middleware Monitor Services install directory, can be used to list all issued Agent certificates, and to revoke specific certificates.

Note

After using certtool to revoke an Agents certificate, the 

MainView Middleware Monitor

Application Service must be restarted to enforce updated revocations.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*