How to import certificate for SSL/TLS-Remedy AR System Server

Version 61

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy AR System Server


    COMPONENT:

    AR System Server


    APPLIES TO:

    BMC Remedy AR System Server - 9.x - AREA Configuration with TLS, Import SSL certificates



    QUESTION:

    Does Remedy support TLS protocol?
    How do you create a keystore and import the certificate to configure Remedy with SSL/TLS?


    ANSWER:

    Does Remedy support TLS protocol?
       Remedy has worked with the TLS protocol since it became serverj.
       Thus Remedy can now work with SSL or TLS.

    How to create keystore and import the certificate to configure Remedy with SSL/TLS?

    General Steps:
    1. Export the certificate from the respective server.
    2. Use keytool to import the certificate.
    3. Configure Remedy using SSL.


    The steps to import the certificate so that Remedy works with the SSL or TLS protocol are as follows:
    1. Obtain a certificate from the LDAP, Exchange, or other server with which you want to establish an SSL/TLS connection, i.e. export the client certificate with the .cer extension. (You can also use .crt and .der files.)

    2. Copy the certificate file to the AR Server in which you want to import it.

        For example: C:\Certificates\xxx.cer

        Where xxx is the certificate name.

    3. Verify which Java path is being used by the AR System server (example: C:\Program files\Java\jre\bin). This can be verified from armonitor.cfg/armonitor.conf.

    4. Use a tool to import the certificate. You can use a third-party tool such as Key Store Explorer or the built-in keytool. To use keytool:

      Open a command prompt and use the command below to import the certificate that you downloaded from the server (xxx.cer).
      
      Note: You can provide a -keystore value that is not an existing file if you want to use your own Java Key Store.
      If you provide a value that does not correspond to an existing file, a new keystore will automatically be created.
      
    keytool -import -noprompt -trustcacerts -keystore <path1> -storepass "<password>" -alias <aliasname> -file <path2>
    Where

    • Path1: Java path being used by the AR System Server under \lib\security\cacerts
    • Password: any password with which the keystore can be accessed; the default is "changeit"
    • Aliasname: alias name for the certificate to be installed, example: AREALDAP
    • Path2: path where you have copied the .cer file, example: "c:\Cert\xxx.cer"
      
    The above command will import the certificate into the cacerts where it will be available to use with AR server.
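
An added example, not part of the BMC article: a PowerShell wrapper around the keytool import in step 4 that checks the certificate's SHA-256 fingerprint and expiry before trusting it, backs up cacerts, and confirms the alias afterwards. The paths, alias, password and the $ExpectedSha256 placeholder are assumptions to replace with your own values.

```powershell
# Added example (not BMC's script). Every value below is a placeholder/assumption.
$JavaHome       = 'C:\Program Files\Java\jre'      # Java path found in armonitor.cfg (step 3)
$CertFile       = 'C:\Certificates\xxx.cer'        # certificate copied in step 2
$Alias          = 'AREALDAP'
$StorePass      = 'changeit'                       # default cacerts password
$ExpectedSha256 = '<SHA-256 fingerprint obtained from the server owner>'

$keytool  = Join-Path $JavaHome 'bin\keytool.exe'
$keystore = Join-Path $JavaHome 'lib\security\cacerts'

# 1. Fingerprint the file that is about to become a trust anchor and compare it
#    with the value obtained out of band (colons and spaces are ignored).
$cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$actual   = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch for $CertFile (got $actual); not importing."
}

# 2. Refuse certificates that are already expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Keep a timestamped copy of the truststore so the change can be rolled back.
Copy-Item -Path $keystore -Destination "$keystore.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# 4. Import with the same options as the command above.
& $keytool -import -noprompt -trustcacerts -keystore $keystore `
           -storepass $StorePass -alias $Alias -file $CertFile
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE." }

# 5. Confirm the alias is present and print its details for the change record.
& $keytool -list -v -keystore $keystore -storepass $StorePass -alias $Alias
if ($LASTEXITCODE -ne 0) { throw "Alias $Alias was not found in $keystore after import." }
```

Run it from an elevated prompt, since a cacerts file under Program Files is not writable by standard users.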

    If you are using a keystore other than the default cacerts in the Java path being used by the AR System Server under \lib\security\cacerts, you need to add the following parameters to the arserver.config file in the ARSystem Install Directory:  

    jvm.option.22 = -Djavax.net.ssl.trustStore=<path to file>

      

    jvm.option.23 = -Djavax.net.ssl.trustStorePassword=<password>

      

    jvm.option.24 = -Djavax.net.ssl.keyStoreType=JKS

      
    Note that the jvm.option value will depend on your specific server configuration.
    Note: If the certificates are imported into Java's own keystore "cacerts", then depending on its type you may consider using the option below:

    jvm.option.24=-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
      

     


    Article Number:

    000225247


    Article Type:

    FAQ/Procedural


