Applying security certificates to your applications
Use security certificates to enable communication between BMC Helix Innovation Suite and application components with third-party services that do not have trusted CA signed security certificates. Use a custom CA certificate with third-party service public keys for authentication and add it to the trust store.
You can create a certificate and apply it while installing BMC Helix Service Management or post-installation of BMC Helix Service Management.
To apply a security certificate post-installation of BMC Helix Service Management
- Create a custom or self-signed certificate.
- On the BMC Deployment Engine that is your Jenkins server, navigate to the HELIX_ONPREM_DEPLOYMENT pipeline.
- In the HELIX_ONPREM_DEPLOYMENT pipeline, in the Build History section, select the last job, and click Rebuild.
- In the CUSTOMER-INFO section, in the CACERTS_FILE parameter, click Browse and upload your custom cacerts file.
- In the PRODUCT-DEPLOY section, select only the HELIX_GENERATE_CONFIG check box.
- Build the HELIX_ONPREM_DEPLOYMENT pipeline by using the Rebuild option.
Make sure that the HELIX_ONPREM_DEPLOYMENT pipeline runs successfully.
Delete existing the cacerts secret by using the following command:
kubectl delete secret cacerts -n <Innovation Suite namespace>- Create a new secret.
- Copy the cacerts file to a location by using the following command:
kubectl create secret -n <Innovation Suite namespace> generic cacerts --from-file=cacerts --dry-run=client -o yaml | kubectl apply -f - - Restart the platform-fts, platform-user, platform-int, and platform-sr pods by using the following command:
kubectl rollout restart sts <sts name> -n <Innovation Suite namespace>
Example:
kubectl rollout restart sts platform-fts -n <Innovation Suite namespace>
- Copy the cacerts file to a location by using the following command:
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*