This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment. To view the documentation for the latest version, select 23.3.04 from the Product version picker.

Preparing to use self-signed or custom CA certificates


You can use a self-signed or custom CA certificate as a security certificate for BMC Helix Innovation Suite and Service Management applications in the following scenarios:

  • You want to use a custom CA or self-signed certificate for HTTPS communication for applications.
  • You want BMC Helix Innovation Suite to communicate with third-party services that use custom CA certificates.
    When BMC Helix Innovation Suite and application components communicate with third-party services that do not have security certificates signed by a trusted CA, you must apply security certificates to perform outbound HTTPS calls. To achieve this communication, a security certificate file with third-party service public keys is used for authentication. A platform or application component requires a Java trust store to verify third-party service credentials. You must add the security certificate files to the trust store.

Important

If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

To create a self-signed or custom CA certificate

  1. Download the cacerts file.
  2. Customize the cacerts file.
    1. Customize the cacerts file by adding the authentication details required to allow communication between BMC Helix Innovation Suite and application components with third-party services.
    2. To add the new certificate to the trust store, run the following keytool command:

      keytool -importcert -v -alias <alias name> -file <Path of the certificate file that contains the public key> -keystore <Path of the cacerts file>

      For example,

      keytool -importcert -v -alias <alias name> -file /tmp/<certificatefilename> -keystore /opt/cacerts

      The keytool utility prompts for a password.

    3. Enter the password as changeit and press Enter.
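
The import step above, wrapped in a check, as an added example (not BMC's own tooling): it compares the certificate's SHA-256 fingerprint with a value obtained out of band from the third-party service owner, imports into a working copy of the cacerts file, and replaces the original only if the stored entry matches. The function names and the STOREPASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pin-checked import into the cacerts trust store.
# Assumed names (not from the product): cert_sha256, store_sha256,
# import_pinned, and the STOREPASS environment variable.

KT="keytool -J-Duser.language=en"   # English labels keep the parsing stable

# Normalise a fingerprint: drop colons/whitespace, upper-case the hex.
norm() { tr -d ': \t\r\n' | tr 'a-f' 'A-F'; }

# SHA-256 fingerprint of the first certificate in a PEM or DER file.
cert_sha256() {
  $KT -printcert -file "$1" 2>/dev/null |
    sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1 | norm
}

# SHA-256 fingerprint of the entry stored under alias $1 in keystore $2.
# -storepass:env reads the password from STOREPASS, not the command line.
store_sha256() {
  $KT -list -v -alias "$1" -keystore "$2" -storepass:env STOREPASS 2>/dev/null |
    sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1 | norm
}

# import_pinned <alias> <certificate file> <cacerts file> <expected SHA-256>
import_pinned() {
  alias_name=$1 cert=$2 store=$3
  want=$(printf '%s' "$4" | norm)
  [ -f "$store" ] || { echo "trust store not found: $store" >&2; return 1; }
  got=$(cert_sha256 "$cert")
  if [ -z "$got" ] || [ "$got" != "$want" ]; then
    echo "refusing import: fingerprint ${got:-unreadable} does not match pin" >&2
    return 1
  fi
  # Work on a copy so a failed or unexpected import never touches cacerts.
  work=$(mktemp "${store}.XXXXXX") || return 1
  cp -p "$store" "$work" &&
    $KT -importcert -noprompt -alias "$alias_name" -file "$cert" \
        -keystore "$work" -storepass:env STOREPASS >/dev/null 2>&1 &&
    [ "$(store_sha256 "$alias_name" "$work")" = "$want" ] &&
    cp -p "$store" "${store}.bak" && mv "$work" "$store" && return 0
  rm -f "$work"
  echo "import failed; $store left unchanged" >&2
  return 1
}

# Usage: STOREPASS=<password> sh import_pinned.sh <alias> <cert> <cacerts> <sha256>
if [ "$#" -eq 4 ]; then import_pinned "$@"; fi
```

Because `-noprompt` suppresses keytool's "Trust this certificate?" question, the fingerprint comparison is the only trust decision in this flow, so the expected value must come from a channel other than the one that delivered the certificate file.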

To apply a self-signed or custom CA certificate

To apply a custom or self-signed certificate, perform the following actions based on where you want to use the certificate:

  • Use case: Use self-signed or custom CA certificate for HTTPS communication
    Steps to apply a certificate: While performing the installation, in the HELIX_ONPREM_DEPLOYMENT pipeline, upload the custom cacerts file in the CACERTS_FILE parameter.

  • Use case: Use custom CA certificate to communicate with third-party services
    Steps to apply a certificate: Apply the custom certificate in any of the following ways:
