This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment. To view the documentation for the latest version, select 23.3.04 from the Product version picker.


Applying security certificates to your applications


Use security certificates to enable BMC Helix Innovation Suite and application components to communicate with third-party services that do not have trusted CA-signed security certificates. Use a custom CA certificate with third-party service public keys for authentication and add it to the trust store.

You can create a certificate and apply it either while installing BMC Helix Service Management or after the installation.

Important

To apply a custom or self-signed certificate for HTTPS communication, create the certificate and upload it while installing BMC Helix Service Management.

To apply a security certificate post-installation of BMC Helix Service Management

  1. On the BMC Deployment Engine that is your Jenkins server, navigate to the HELIX_ONPREM_DEPLOYMENT pipeline.
  2. In the HELIX_ONPREM_DEPLOYMENT pipeline, in the Build History section, select the last job, and click Rebuild.
  3. In the CUSTOMER-INFO section, in the CACERTS_FILE parameter, click Browse and upload your custom cacerts file.
  4. In the PRODUCT-DEPLOY section, select only the HELIX_GENERATE_CONFIG check box.
  5. Build the HELIX_ONPREM_DEPLOYMENT pipeline by using the Rebuild option.
  6. Make sure that the HELIX_ONPREM_DEPLOYMENT pipeline runs successfully.

    Important

    The cacerts file is checked into the Git repository when the HELIX_GENERATE_CONFIG pipeline runs successfully. In case of any failures in the HELIX_ONPREM_DEPLOYMENT or HELIX_GENERATE_CONFIG pipelines, you must upload the cacerts file in the HELIX_ONPREM_DEPLOYMENT pipeline until the HELIX_GENERATE_CONFIG pipeline executes successfully at least once.

    You do not need to upload the cacerts file for consecutive execution of the HELIX_ONPREM_DEPLOYMENT pipeline and other pipelines if you do not select the HELIX_GENERATE_CONFIG pipeline.

  7. Delete the existing cacerts secret by using the following command:

    kubectl delete secret cacerts -n <Innovation Suite namespace>

  8. Create a new secret.
    1. Copy the cacerts file to a location, and from that location create the secret by using the following command:

      kubectl create secret -n <Innovation Suite namespace> generic cacerts --from-file=cacerts --dry-run=client -o yaml | kubectl apply -f -

    2. Restart the platform-fts, platform-user, platform-int, and platform-sr pods by using the following command:

      kubectl rollout restart sts <sts name> -n <Innovation Suite namespace>

      Example:

      kubectl rollout restart sts platform-fts -n <Innovation Suite namespace>
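
Steps 7 and 8 can be run as one script that also confirms the stored secret matches the uploaded trust store before any pod is restarted. This is an added example, not BMC tooling: the function names, script name, arguments, and timeout are assumptions, and it assumes the StatefulSets use the RollingUpdate strategy so that `kubectl rollout status` can track them.

```shell
#!/usr/bin/env bash
# Added example (not BMC tooling): replace the cacerts secret, confirm the
# cluster stores the same bytes as the local file, then restart the pods.
set -eu

# StatefulSets named in step 8.2 of the procedure.
STS_LIST="platform-fts platform-user platform-int platform-sr"

# SHA-256 of a local file.
file_digest() { sha256sum < "$1" | cut -d' ' -f1; }

# SHA-256 of base64 text read from stdin, after decoding.
b64_digest() { base64 -d | sha256sum | cut -d' ' -f1; }

# Succeeds only if secret "cacerts" in namespace $1 holds the bytes of file $2.
secret_matches() {
  local ns="$1" file="$2" remote
  remote=$(kubectl get secret cacerts -n "$ns" -o 'jsonpath={.data.cacerts}' | b64_digest)
  [ "$remote" = "$(file_digest "$file")" ]
}

# Steps 7 and 8: delete, recreate, verify, restart. Stops before the restart
# if the file is empty or the stored secret differs from it.
apply_cacerts() {
  local ns="$1" file="$2" sts
  [ -s "$file" ] || { echo "cacerts file missing or empty: $file" >&2; return 1; }
  kubectl delete secret cacerts -n "$ns" --ignore-not-found
  kubectl create secret -n "$ns" generic cacerts --from-file=cacerts="$file" \
    --dry-run=client -o yaml | kubectl apply -f -
  secret_matches "$ns" "$file" || { echo "secret does not match $file" >&2; return 1; }
  for sts in $STS_LIST; do
    kubectl rollout restart sts "$sts" -n "$ns"
    # Assumes the RollingUpdate strategy; the 15m timeout is an arbitrary choice.
    kubectl rollout status sts "$sts" -n "$ns" --timeout=15m
  done
}

# Usage (hypothetical script name): ./apply-cacerts.sh <namespace> <cacerts file>
if [ "$#" -eq 2 ]; then apply_cacerts "$1" "$2"; fi
```

Because the restart happens only after the digest comparison succeeds, the pods never come back up on a truncated or stale trust store.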

 

 

 

 
