Page History
Created Date | Updated Date | Affects version | Fix Version |
---|---|---|---|
|
Description
These general instructions can be used to install a new SSL certificate on a BMC server.
...
- Stop the BMC service.
- (OPTIONAL) Create a new keystore/keypair.
- Create a new CSR for the existing BMC self-signed cert or for your new keystore/keypair.
- Import signed cert keychain or root and intermediate CA in to your keystore.
- Import CA-signed certificate and apply the same to the keypair.
- Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert.
- Restart the BMC service.
Code Block |
---|
Step 1: Stop the BMC service via the Windows services utility (services.msc), or using the BMC's dektop icons. |
...
Step 2: Create the new keystore/keypair. |
...
(everything in <> can be customized) |
...
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -genkeypair -keyalg RSA -keysize 2048 -validity <#of days> -dname "cn=<domain name>, |
...
ou=<yourOrgUnit> , o=<yourOrgOrCompany>, l=<City/locality>, st=<State/Canton/Province/Land>, c=<Country_ISO3166-digraph>" -alias "<domain name>" |
...
Step 3: Create a new CSR for your new keystore/keypair. |
...
(everything in <> can be customized) |
...
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -certreq -alias <domain name> -file "<path to>\<filename>.csr" |
...
Step 4: Import the Root CA cert, then the Intermediate CA cert. |
...
(everything in <> can be customized) |
...
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -importcert -alias rootCA -file "<path to>\root.cer" |
...
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -importcert -alias intCA -file "<path to>\int.cer" |
...
Step 5: |
...
Import CA-signed certificate and apply the same to the keypair. |
...
(everything in <> can be customized) |
...
$JAVAHOME\bin\keytool -keystore <path to>\<keystore_name>.jks -importcert -alias original_keypair_alias -file <path_to>\CAsigned.cer |
...
Step 6: |
...
Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert. |
...
keystoreFile="path to\keystore_name.jks" keystorePass="keystore password" |
...
Step 7: |
...
Restart the BMC service. |
Content by Label | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...