Client Management - How can I Deploy and Activate BCM Authority Certificate when no certificate is already present

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Client Management


    APPLIES TO:

    All version since 12.8



    QUESTION:

    How can I Deploy and Activate BCM certificate on my BMC Client Management platform ?


    ANSWER:

    - First step is to verify what is your current security configuration this will determine the way you will have to modify BCM parameters.

    - Then verify if BCM Certificate package and rules are available on your BMC Client Management Console 

    User-added imageUser-added image

    They should be present if your Security Checklist first line is Red in BMC Client Management Console Home Dashboard:

    User-added image

    In case BCM Certificate package and rules are not available you can create them with this procedure.

    - Now, BCM Certificate package and rules are available, but you may have to modify them in following cases :
     

      1) Your initial security configuration parameter "Trusted Authority" is set to a different value than "amp".  
    You have to modify rule "Step 1 - Trust BCM Certificate" in order to replace "amp" with the value from your initial security configuration parameter (some customers may have the very old "criston"authority in place) in step 3 :  
     
      User-added image 
      User-added image 
      
      
      2) You are deploying "bcm" certificate in order to activate secure communication, as a consequence you have to modify rule "Step 2 - Activate BCM Certificate" in order to set  "Secure Communication" with "Securized Send, Receive Both"  
     
      User-added image 
     
    You have to modify rule "Step 3 - Trust BCM Certificate" in order to set parameter "Secure Communication" to "Yes" :  
     
      User-added image
      
      User-added image
        
    - You can then assign rule "Step 1 - Deploy BCM Certificate" to all your devices. 
    Once rule "Step 1 - Deploy BCM Certificate" is successfully executed on all devices you can assign rule "Step 2 - Activate BCM Certificate" on all devices. 
    Same way rule "Step 3" must be successfully executed on all devices before assigning rule "Step 3 - Trust BCM Certificate" to all devices. 

    Notes that if rules 3 is executed on some devices while rules 1 or 2 are not executed yet on some other devices, communication is broken between these two different groups of devices. 
      

     


    Article Number:

    000280177


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles