Preparing to use self-signed or custom CA certificates


You can use a self-signed or custom CA certificate as a security certificate for BMC Helix Innovation Suite and Service Management applications in the following scenarios:

  • You want to use a custom CA certificate or self-signed certificate to enable HTTPS communication for applications.
  • You want BMC Helix Innovation Suite to communicate with third-party services that use custom CA certificates.
    When BMC Helix Innovation Suite and application components communicate with third-party services that do not have trusted CA-signed security certificates, you must apply security certificates to perform outbound HTTPS calls. For this communication, a security certificate file that contains the third-party service public keys is used for authentication. A platform or application component requires a Java trust store to verify third-party service credentials. You must add the security certificate files to the trust store.

Important

If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

To create a self-signed or custom CA certificate

  1. Download the cacerts file.
    Do not use the custom_cacerts.pem or cacerts file located in the helix-on-prem-deployment-manager/commons/certs folder that you used for BMC Helix Platform Common Services installation.
  2. Customize the cacerts file.
    1. To add the self-signed or custom certificate to the trust store, run the following keytool command:

      Important

      Make sure that you add the full chain certificate to the cacerts file.

      keytool -importcert -v -alias <alias name> -file <Path of the certificate file that contains the public key> -keystore <Path of the cacerts file>

      For example,

      keytool -importcert -v -alias <alias name> -file /tmp/<certificatefilename> -keystore /opt/cacerts

      The keytool utility prompts for a password.

    2. Enter the password as changeit and press Enter.
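
The import step above, as an added example that is not part of the BMC documentation: a trusted-certificate entry in the trust store holds one certificate per alias, so this script splits a full-chain PEM bundle and imports each certificate under its own alias. The function names and the alias prefix are assumptions; the default password is the one given in step 2.

```shell
#!/bin/sh
# Added example: function names and the alias prefix are hypothetical.

# Split a PEM bundle into <outdir>/cert-1.pem, cert-2.pem, ... and print the count.
split_chain() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }
  ' "$1"
}

# Import every certificate of the bundle into the trust store, one alias each.
# Usage: import_chain <bundle.pem> <cacerts path> <alias prefix> [store password]
import_chain() {
  local bundle="$1" keystore="$2" prefix="$3" pass="${4:-changeit}"
  local tmp count i
  tmp=$(mktemp -d) || return 1
  count=$(split_chain "$bundle" "$tmp")
  if [ "$count" -eq 0 ]; then
    echo "no certificates found in $bundle" >&2
    rm -rf "$tmp"
    return 1
  fi
  i=1
  while [ "$i" -le "$count" ]; do
    # Show subject, issuer and fingerprints so the operator can check them.
    keytool -printcert -file "$tmp/cert-$i.pem" || break
    keytool -importcert -noprompt -alias "$prefix-$i" -file "$tmp/cert-$i.pem" \
      -keystore "$keystore" -storepass "$pass" || break
    # Confirm the entry now exists in the trust store.
    keytool -list -alias "$prefix-$i" -keystore "$keystore" -storepass "$pass" || break
    i=$((i + 1))
  done
  rm -rf "$tmp"
  [ "$i" -gt "$count" ]   # success only if every certificate was imported
}

# Run only when called with arguments, for example:
#   sh import-chain.sh /tmp/fullchain.pem /opt/cacerts customca
if [ "$#" -ge 3 ]; then
  import_chain "$@"
fi
```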

To apply a self-signed or custom CA certificate

To apply a custom or self-signed certificate, perform the following actions based on where you want to use the certificate:

Use case: Use self-signed or custom CA certificate for HTTPS communication
Steps to apply a certificate: While performing the installation, in the HELIX_ONPREM_DEPLOYMENT pipeline, upload the custom cacerts file in the CACERTS_FILE parameter.

Use case: Use custom CA certificate to communicate with third-party services
Steps to apply a certificate: Apply the custom certificate in any of the following ways:

 
