Versions Compared

Old Version 1

changes.mady.by.user Niko Puruskainen

Saved on

compared with

New Version Current

changes.mady.by.user Andrew Skinner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Created DateUpdated DateAffects versionFix Version

 

 

All

Description

These general instructions can be used to install a new SSL certificate on a BMC server, please note that when exporting/generating the certificate for use with the BMC the private key needs to be included along with the full certificate chain.

Instructions

Check current certificate from BMC Keystore:

Code Block
keytool -list -v -keystore “C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf\keystore.jks”

...

ui-

...

tabs
UI Tab
titleCER

Using the

...

Java keytool.exe, you can follow the steps below to install a new SSL certificate on your BMC server.

Run commands on Command Prompt which is opened with administrator privileges

Step 1: Stop the BMC service.

...

Step 2: Create the new keystore/keypair.

...

Step 1: Stop the BMC service via the Windows services utility (services.msc), or using the BMC's dektop icons.

Step 2: Create the new keystore/keypair. (everything in <> can be customized)

...


Info
iconfalse
keytool -keystore "path_to\keystore_name.jks" -genkeypair -keyalg RSA -keysize 2048 -validity #of days -dname "cn=domain name, ou=yourOrgUnit , o=yourOrgOrCompany, l=City/locality, st=State/Canton/Province/Land, c=Country_ISO3166-digraph" -alias "domain name"
DNInformationDescriptionExample

ValidityNumber of days how long keystore is valid.365
CNCommon NameThis is fully qualified domain name that you wish to secure example.com
oOrganization NameUsually the legal name of a company or entity and should include any suffixes such as Ltd., Inc., or Corp. Example Inc
OUOrganizational UnitInternal organization department/division name IT
lLocalityTown, city, village, etc. name Helsinki
stStateProvince, region, county or stateNorth Karelia
cCountryThe two-letter ISO code for the country where your organization is located FI


(Optional - if "subject alternative name (SAN)" needs to be used):

Expand
Info
iconfalse
keytool -keystore "path_to\keystore_name.jks" -ext san=dns:Name1,dns:Name2 -genkeypair -keyalg RSA -keysize 2048 -validity

...

#of days -dname "cn=

...

domain name,

...

ou=

...

yourOrgUnit , o=

...

yourOrgOrCompany, l=

...

City/

...

locality, st=

...

State/Canton/Province/

...

Land, c=

...

Country_ISO3166-

...

digraph" -alias "

...

domain name"


Step 3: Create a new CSR, Certificate Signing Request, for your new keystore/keypair.

...

Info
iconfalse
keytool -keystore "path_to\keystore_name.jks" -certreq -alias domain_name -file "path_to\filename.csr"

(Optional - if "subject alternative name (SAN)" needs to be used):

Expand
Info
iconfalse
keytool -keystore "path_to\keystore_name.jks" -ext san=dns:Name1,dns:Name2 -certreq -alias domain_name -file "path_to\filename

...

.csr"


Step 4: Send the CSR to a CA (Certificate Authority) to create the new certificate, this can be either an internal CA if one is available or a trusted third party CA.


Step 5: Import the Root CA cert, then the Intermediate CA cert.

...

Info
iconfalse
keytool

...

-keystore "

...

path_to\keystore_name.jks" -importcert -alias rootCA -file "

...

path_to\root.cer"

...

Info
iconfalse
keytool -keystore "

...

path_to\keystore_name.jks" -importcert -alias intCA -file "

...

path_to\int.cer"

Step 5:

...

Import CA-signed certificate and apply the same to the keypair.

...


Info
iconfalse
keytool -keystore

...

path_to\keystore_name.jks -importcert -alias original_keypair_alias -file

...

path_

...

to\CAsigned.cer

Step 6:

...

Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert.

Info
iconfalse
keystoreFile="path_to\keystore_name.jks" keystorePass="keystore password"

Step 7:

...

Start the BMC service.



UI Tab
titlePFX
  1. Stop BMC Service
  2. Copy .pfx format certificate file to "\Blancco Management Console\apache-tomcat\conf" folder.
  3. Open server.xml file in text editor located \Blancco Management Console\apache-tomcat\conf and edit following details.
    1. keystoreFile="Certificate_name.pfx"
    2. keystorePass="PFX_certificate_Password"
    3. Add a new value keystoreType="PKCS12" after KeystorePass.
  4. Save the server.xml file.
  5. Start BMC Service.






Content by Label
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "management_console" and type = "page" and space = "KB"
labelsmanagement_console

...