Applying security certificates to your applications


Use security certificates to enable BMC Helix Innovation Suite and application components to communicate with third-party services whose security certificates are not signed by a trusted CA. Use a custom CA certificate with third-party service public keys for authentication and add it to the trust store.

You can apply a security certificate while installing BMC Helix Service Management or post-installation of BMC Helix Service Management.

To apply a security certificate post-installation of BMC Helix Service Management

  1. On the BMC Helix Deployment Engine, navigate to the HELIX_ONPREM_DEPLOYMENT pipeline.
  2. In the HELIX_ONPREM_DEPLOYMENT pipeline, in the Build History section, select the last job, and click Rebuild.
  3. In the ENVIRONMENT DETAILS section, in the CUSTOM_CERTIFICATE parameter, click Browse and upload your custom certificate file.
    Important

    Upload a single certificate file only when the CA chain contains one certificate or when using a self-signed certificate. If the CA chain contains multiple CA certificates, add each certificate to a separate file, create a .zip archive, and upload the archive. Do not upload a single file that contains the complete CA chain, because only the first certificate in each file is imported.

  4. In the ENVIRONMENT DETAILS section, select DEPLOYMENT_TYPE as SERVICE.
  5. In the PIPELINES section, select both the HELIX_GENERATE_CONFIG and HELIX_RESTART check boxes.
  6. Build the HELIX_ONPREM_DEPLOYMENT pipeline by using the Rebuild option.
  7. Make sure that the HELIX_ONPREM_DEPLOYMENT pipeline runs successfully.

    Important

    • The cacerts file is checked into the Git repository when the HELIX_GENERATE_CONFIG pipeline runs successfully. In case of any failures in the HELIX_ONPREM_DEPLOYMENT or HELIX_GENERATE_CONFIG pipelines, you must upload the cacerts file in the HELIX_ONPREM_DEPLOYMENT pipeline until the HELIX_GENERATE_CONFIG pipeline executes successfully at least once.
    • You do not need to upload the cacerts file for consecutive execution of the HELIX_ONPREM_DEPLOYMENT pipeline and other pipelines if you do not select the HELIX_GENERATE_CONFIG pipeline.
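
The file-splitting rule in the Important note under step 3 can be scripted. The following is an added example, not BMC tooling: it splits a PEM bundle into one certificate per file, checks that each file holds exactly one certificate, and zips the result. The function names, the ca-NN.pem file names, and the flat archive layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not BMC tooling. Function and file names are assumptions.

# Count the certificates in a PEM file.
count_certs() {
  awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Split BUNDLE into DIR/ca-01.pem, ca-02.pem, ... with one certificate each.
# Text outside the PEM blocks is dropped. Prints the number of files written.
split_ca_chain() (
  bundle=$1; dir=$2
  mkdir -p "$dir" || exit 1
  awk -v dir="$dir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/ca-%02d.pem", dir, n); keep = 1 }
    keep                          { print > out }
    /-----END CERTIFICATE-----/   { keep = 0; close(out) }
    END                           { print n + 0 }
  ' "$bundle"
)

# Refuse any file that does not hold exactly one certificate, then zip.
# -j stores files without paths (flat layout is an assumption). Needs zip.
pack_ca_files() (
  dir=$1; archive=$2
  for f in "$dir"/ca-*.pem; do
    [ "$(count_certs "$f")" -eq 1 ] || { echo "not exactly one cert: $f" >&2; exit 1; }
  done
  zip -j -q "$archive" "$dir"/ca-*.pem
)

# Constructed sample: two placeholder PEM blocks, not real certificates.
write_sample_bundle() {
  cat > "$1" <<'EOF'
subject=CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
subject=CN = Constructed Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERROOT
-----END CERTIFICATE-----
EOF
}

# Usage: split-ca.sh ca-chain.pem outdir ca-certs.zip
if [ "$#" -eq 3 ]; then
  split_ca_chain "$1" "$2" && pack_ca_files "$2" "$3"
fi
```

Running `count_certs` on a file before upload shows whether it would be imported completely: any result above 1 means the certificates after the first would be skipped.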

     

To add the Java keystore file post-installation of BMC Helix Platform Common Services

If you do not copy the Java keystore to the common/certs folder during installation of BMC Helix Platform Common Services, perform the following steps:

  1. Create the rsso-java-custom-keystore-cm configmap by using the following command:

    kubectl -n <BMC Helix Platform Common Services namespace> create configmap rsso-java-custom-keystore-cm --from-file=/path/to/rsso_custom_java_keystore --dry-run=client -o yaml | kubectl apply -f -

  2. To mount the configmap, restart the BMC Helix Single Sign-On pods by using the following command:

    kubectl -n <BMC Helix Platform Common Services namespace> rollout restart deployment rsso

BMC Helix Service Management Deployment 26.1.01