Page History
Created Date | Updated Date | Affects version | Fix Version |
---|---|---|---|
|
| All |
Description
These general instructions can be used to install a new SSL certificate on a BMC server, please note that when exporting/generating the certificate for use with the BMC the private key needs to be included along with the full certificate chain.
Instructions
Check current certificate from BMC Keystore:
Code Block |
---|
keytool -list -v -keystore “C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf\keystore.jks” |
...
ui- |
---|
...
tabs | |||||
---|---|---|---|---|---|
|
...
|
...
|
...
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Code Block | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Step 1: Stop the BMC service via the Windows services utility (services.msc), or using the BMC's dektop icons.
Step 2: Create the new keystore/keypair. (everything in <> can be customized)
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -genkeypair -keyalg RSA -keysize 2048 -validity <#of days> -dname "cn=<domain name>, ou=<yourOrgUnit> , o=<yourOrgOrCompany>, l=<City/locality>, st=<State/Canton/Province/Land>, c=<Country_ISO3166-digraph>" -alias "<domain name>"
Step 3: Create a new CSR for your new keystore/keypair. (everything in <> can be customized)
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -certreq -alias <domain name> -file "<path to>\<filename>.csr"
Step 4: Import the Root CA cert, then the Intermediate CA cert. (everything in <> can be customized)
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -importcert -alias rootCA -file "<path to>\root.cer"
$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -importcert -alias intCA -file "<path to>\int.cer"
Step 5: Import CA-signed certificate and apply the same to the keypair. (everything in <> can be customized)
$JAVAHOME\bin\keytool -keystore <path to>\<keystore_name>.jks -importcert -alias original_keypair_alias -file <path_to>\CAsigned.cer
Step 6: Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "C:\Program Files\Blancco\Blancco Management
|
Content by Label | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...