Created Date | Updated Date | Affects version | Fix Version |
---|---|---|---|
|
| All |
Description
These general instructions can be used to install a new SSL certificate on a BMC server.
Instructions
Check current certificate from BMC Keystore:
keytool -list -v -keystore “C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf\keystore.jks”
Using the Java keytool.exe, you can follow the steps below to install a new SSL certificate on your BMC server.
Run commands on Command Prompt which is opened with administrator privileges
Step 1: Stop the BMC service.
Step 2: Create the new keystore/keypair.
DN | Information | Description | Example |
---|---|---|---|
Validity | Number of days how long keystore is valid. | 365 | |
CN | Common Name | This is fully qualified domain name that you wish to secure | example.com |
o | Organization Name | Usually the legal name of a company or entity and should include any suffixes such as Ltd., Inc., or Corp. | Example Inc |
OU | Organizational Unit | Internal organization department/division name | IT |
l | Locality | Town, city, village, etc. name | Helsinki |
st | State | Province, region, county or state | North Karelia |
c | Country | The two-letter ISO code for the country where your organization is located | FI |
(Optional - if "subject alternative name (SAN)" needs to be used):
Step 3: Create a new CSR, Certificate Signing Request, for your new keystore/keypair.
(Optional - if "subject alternative name (SAN)" needs to be used):
Step 4: Import the Root CA cert, then the Intermediate CA cert.
Step 5: Import CA-signed certificate and apply the same to the keypair.
Step 6: Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert.
Step 7: Start the BMC service.
- Stop BMC Service
- Copy .pfx format certificate file to "\Blancco Management Console\apache-tomcat\conf" folder.
- Open server.xml file in text editor and edit following details.
- keystoreFile="Certificate_name.pfx"
- keystorePass="PFX_certificate_Password"
- Add a new value keystoreType="PKCS12" after KeystorePass.
- keystoreFile="Certificate_name.pfx"
- Save the server.xml file.
- Start BMC Service.