Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

These general instructions can be used to install a new SSL certificate on a BMC server.

...


Instructions

Check current certificate from BMC Keystore:

Code Block
keytool -list -v -keystore “C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf\keystore.jks”

...

UI Tabs
UI Tab
titleCER

Using the Java keytool.exe, you can follow the steps below to install a new SSL certificate on your BMC server.

...

Run commands on Command Prompt which is opened with administrator privileges

Step 1: Stop the BMC service

...

.

...


Step 2: Create the new keystore/keypair.

...


Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks" -genkeypair -keyalg RSA -keysize 2048 -validity

...

#of days -dname "cn=

...

domain name,

...

ou=

...

yourOrgUnit , o=

...

yourOrgOrCompany, l=

...

City/

...

locality, st=

...

State/Canton/Province/

...

Land, c=

...

Country_ISO3166-

...

digraph" -alias "

...

domain name"
DNInformationDescriptionExample

ValidityNumber of days how long keystore is valid.365
CNCommon NameThis is fully qualified domain name that you wish to secure example.com
oOrganization NameUsually the legal name of a company or entity and should include any suffixes such as Ltd., Inc., or Corp. Example Inc
OUOrganizational UnitInternal organization department/division name IT
lLocalityTown, city, village, etc. name Helsinki
stStateProvince, region, county or stateNorth Karelia
cCountryThe two-letter ISO code for the country where your organization is located FI


(Optional - if "subject alternative name (SAN)" needs to be used):

...


Expand
Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks"

...

-ext san=dns:Name1,dns:Name2 -genkeypair -keyalg RSA -keysize 2048 -validity

...

#of days -dname "cn=

...

domain name,

...

ou=

...

yourOrgUnit , o=

...

yourOrgOrCompany, l=

...

City/

...

locality, st=

...

State/Canton/Province/

...

Land, c=

...

Country_ISO3166-

...

digraph" -alias "

...

domain name"


Step 3: Create a new CSR, Certificate Signing Request, for your new keystore/keypair.

...

Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks" -certreq -alias

...

domain_name -file "

...

path_to\filename.csr"

(Optional - if "subject alternative name (SAN)" needs to be used):

...


Expand
Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks"

...

-ext san=dns:Name1,dns:Name2

...

-certreq -alias

...

domain_name -file "

...

path_to\filename.csr"


Step 4: Import the Root CA cert, then the Intermediate CA cert.

...

Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks" -importcert -alias rootCA -file "

...

path_to\root.cer"

...

Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks" -importcert -alias intCA -file "

...

path_to\int.cer"

Step 5:

...

Import CA-signed certificate and apply the same to the keypair.

...


Info
iconfalse
keytool -keystore path_to\keystore_name.jks -importcert -alias original_keypair_alias -file

...

path_

...

to\CAsigned.cer

Step 6:

...

Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert.

Info
iconfalse
keystoreFile="path_to\keystore_name.jks" keystorePass="keystore password"

Step 7:

...

Start the BMC service.



UI Tab
titlePFX
  1. Stop BMC Service
  2. Copy .pfx format certificate file to "\Blancco Management Console\apache-tomcat\conf" folder.
  3. Open server.xml file in text editor and edit following details.
    1. keystoreFile="Certificate_name.pfx"
    2. keystorePass="PFX_certificate_Password"
    3. Add a new value keystoreType="PKCS12" after KeystorePass.
  4. Save the server.xml file.
  5. Start BMC Service.






Content by Label
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "management_console" and type = "page" and space = "KB"
labelsmanagement_console

...