Applying security certificates to your applications
Use security certificates to enable BMC Helix Innovation Suite and application components to communicate with third-party services that do not have trusted CA-signed security certificates. Use a custom CA certificate with third-party service public keys for authentication and add it to the trust store.
You can create a certificate and apply it while installing BMC Helix Service Management or post-installation of BMC Helix Service Management.
To apply a security certificate post-installation of BMC Helix Service Management
- Create a custom or self-signed certificate.
- On the BMC Deployment Engine that is your Jenkins server, navigate to the HELIX_ONPREM_DEPLOYMENT pipeline.
- In the HELIX_ONPREM_DEPLOYMENT pipeline, in the Build History section, select the last job, and click Rebuild.
- In the CUSTOMER-INFO section, in the CACERTS_FILE parameter, click Browse and upload your custom cacerts file.
- In the PRODUCT-DEPLOY section, select only the HELIX_GENERATE_CONFIG check box.
- Build the HELIX_ONPREM_DEPLOYMENT pipeline by using the Rebuild option.
Make sure that the HELIX_ONPREM_DEPLOYMENT pipeline runs successfully.
Delete the existing cacerts secret by using the following command:
kubectl delete secret cacerts -n <Innovation Suite namespace>
- Create a new secret.
Copy the cacerts file to a location, and run the following command from that location:
kubectl create secret -n <Innovation Suite namespace> generic cacerts --from-file=cacerts --dry-run=client -o yaml | kubectl apply -f -
Restart the platform-fts, platform-user, platform-int, and platform-sr pods by using the following command:
kubectl rollout restart sts <sts name> -n <Innovation Suite namespace>
Example:
kubectl rollout restart sts platform-fts -n <Innovation Suite namespace>
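The secret replacement and restarts above, as an added example that is not part of BMC's documentation: it checks that the file is a Java keystore before the existing secret is deleted, and waits for each restart to complete. It assumes the cacerts file is in JKS or PKCS12 format; the function names, the KUBECTL override, and the 600s timeout are choices made for this example.

```shell
#!/bin/sh
# Added example, not BMC's code. KUBECTL can be overridden (assumption of this example).
KUBECTL="${KUBECTL:-kubectl}"
STS_LIST="platform-fts platform-user platform-int platform-sr"   # names from the page

# Return 0 if the file looks like a Java keystore (assumption: JKS or PKCS12).
is_keystore() {
    [ -s "$1" ] || return 1                      # must exist and be non-empty
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')  # first four bytes as hex
    case "$magic" in
        feedfeed) return 0 ;;   # JKS magic number
        30*)      return 0 ;;   # PKCS12 is DER and starts with a SEQUENCE tag
        *)        return 1 ;;   # e.g. a PEM file starts with 2d2d2d2d ("----")
    esac
}

# Usage: apply_cacerts <Innovation Suite namespace> <path to cacerts file>
apply_cacerts() {
    ns=$1; file=$2
    [ -n "$ns" ] || { echo "namespace required" >&2; return 2; }
    # Validate before deleting anything, so a bad file never removes the secret.
    is_keystore "$file" || { echo "$file is not a JKS/PKCS12 keystore" >&2; return 3; }

    $KUBECTL delete secret cacerts -n "$ns" --ignore-not-found || return 4
    # cacerts=<path> pins the secret key to "cacerts" whatever the file is called;
    # -n on apply keeps the object in the intended namespace.
    $KUBECTL create secret -n "$ns" generic cacerts --from-file=cacerts="$file" \
        --dry-run=client -o yaml | $KUBECTL apply -n "$ns" -f - || return 5

    for sts in $STS_LIST; do
        $KUBECTL rollout restart sts "$sts" -n "$ns" || return 6
    done
    # Wait for each restart so a pod that fails to come up is reported here.
    for sts in $STS_LIST; do
        $KUBECTL rollout status sts "$sts" -n "$ns" --timeout=600s || return 7
    done
}
```

Source the file and call `apply_cacerts <Innovation Suite namespace> ./cacerts`; a nonzero return code identifies the step that failed.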
To add the Java keystore file post-installation of BMC Helix Platform Common Services
If you did not copy the Java keystore to the common/certs folder during installation of BMC Helix Platform Common Services, perform the following steps:
Create the rsso-java-custom-keystore-cm configmap by using the following command:
kubectl -n <BMC Helix Platform Common Services namespace> create configmap rsso-java-custom-keystore-cm --from-file=/path/to/rsso_custom_java_keystore --dry-run=client -o yaml | kubectl apply -f -
To mount the configmap, restart the BMC Helix Single Sign-On pods by using the following command:
kubectl -n <BMC Helix Platform Common Services namespace> rollout restart deployment rsso