Skip to Content
Information
This version of the software is currently available only to customers in the Controlled Availability (CA) program.

Installing SSL certificates for BMC Helix Data Manager

Use the Secure Sockets Layer (SSL) certificates for securing the communication with BMC Helix Data Manager. Any computer between you and the destination can utilize your user name, passwords, and other sensitive information if the information is not encrypted with an SSL certificate.

BMC Helix Data Manager Workbench has a self-signed certificate generated at the time of installation and is valid for one year. When you access Workbench, the browser will show a warning because of the self-signed certificate.

You can renew your existing self-signed SSL certificate, or install a new certificate authority (CA) signed certificate.

To renew the self-signed SSL certificate

  1. On your system, navigate to <HDM_Installation_directory>/Keystore/hdm-keystore.p12 to find the keystore file.

  2. Open the command prompt with administrative privileges and run the following keytool command to delete the previous self-signed certificate:

    <JAVA_HOME>\bin\keytool -delete -alias tomcat -keystore "<HDM_Installation_directory>/Keystore/hdm-keystore.p12" -storepass <password>
  3. Navigate to <HDM_Installation_directory>\Helix Data Manager\Workbench\bin and run hdmsecure.bat file.

To install a new CA signed SSL certificate

Warning

Important

You must have a certificate from a certificate authority or a CA that is already trusted by your clients.

  1. On your system, navigate to <HDM_Installation_directory>/Keystore/hdm-keystore.p12 to find the keystore file.

  2. Open the command prompt with administrative privileges and run the following keytool command to delete the previous self-signed certificate:

    <JAVA_HOME>keytool -delete -alias tomcat -keystore "<HDM_Installation_directory>/Keystore/hdm-keystore.p12" -storepass <password>

  3. Import the new certificate into the keystore by running the following command:

    Warning

    Important

    The new certificate must be generated with the entry type included as PrivateKeyEntry.

    <JAVA_HOME>\bin\keytool -import -file <New_Certificate_File_Location> -keystore "<HDM_Installation_directory>/Keystore/hdm-keystore.p12" -storepass <password> -alias tomcat
  4. Restart the BMC Helix Data Manager Engine and Workbench services.

To validate the key after installing a new SSL certificate

After you install your own SSL certificate, perform the following steps to validate the key by using the Keystore tool:

  1. Open the command prompt with administrative privileges and navigate to <Helix_Data_Manager_Installation_folder>\Engine\bin folder.
  2. Run the hdmkeystore.bat file to get the encrypted repository password.
    image-2024-2-15_15-36-56.png

  3. Edit the coreconfig.xml file and replace the password with the encrypted repository password, and save.
    image-2024-2-15_15-37-36.png

  4. Copy your p12 file to <Helix_Data_Manager_Installation_folder>\Keystore folder.
  5. In the <Helix_Data_Manager_Installation_folder>\Keystore folder, edit the keystore.properties file and update the following properties with the new values:

    1. keyStoreLocation
    2. keyAlias
    3. keyStorePassword
    4. keyPassPhrase
      Screenshot 2022-10-07 at 11.17.06 AM.png

  2. Open the <Tomcat Installation folder>\Workbench\conf\tomcat.properties file and update the following properties with the new values:
    1. keystore name
    2. keystorepass
    3. keyStoreFile path
      Screenshot 2022-10-07 at 11.18.36 AM.png

  3. Open the <Tomcat Installation folder>\Workbench\conf\config.properties file and replace the password with the encrypted repository password, and save.
    image-2024-2-15_15-39-18.png

  4. Restart the BMC Helix Data Manager Engine and Workbench services.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix Data Manager 21.3