Preparing to use self-signed or custom CA certificates

You can use a self-signed or custom CA certificate as a security certificate for BMC Helix Innovation Suite and Service Management applications in the following scenarios:

• You want to use a custom CA certificate or self-signed certificate to use HTTPS communication for applications.

• You want BMC Helix Innovation Suite to communicate with third-party services that use custom CA certificates.
  When you use BMC Helix Innovation Suite and application components to communicate with third-party services that do not have trusted CA signed security certificates, you must apply security certificates to perform outbound HTTPS calls. To achieve this communication, a security certificate file with third-party service public keys is used for authentication. A platform or application component requires a Java trust store to verify third-party service credentials. You must add the security certificate files to the trust store.

To apply a self-signed or custom CA certificate

To apply a custom or self-signed certificate, perform the following actions based on where you want use the certificate:

Use case	Steps to apply a certificate
Use self-signed or custom CA certificate for HTTPS communication	While performing the installation, in the HELIX_ONPREM_DEPLOYMENT pipeline, upload the custom cacerts file in the CUSTOM_CERTIFICATE parameter.
Use custom CA certificate to communicate with third-party services	Apply the custom certificate in any of the following way: During BMC Helix Service Management installation—While performing the installation, in the CUSTOM_CERTIFICATE parameter, upload the custom cacerts file. Post-installation of BMC Helix Service Management—See Applying security certificates to your applications.