
SSL Certificates - Central Management


Hi All,

 

Out of the box, when TrueSight Applications [TSIM, TSPS, ASSO/RSSO, etc.] are accessed in a browser, they give the error 'NET::ERR_CERT_AUTHORITY_INVALID', and an exception must be made to proceed as 'Insecure Connection'.

Private Certificates should be implemented for TrueSight components so that communication is secure. The implementation involves various activities and is time-consuming. Also, any error during certificate import in the Application or dependent components will impact data and event flow. In addition, there are many documentation errors in the Private Certificate implementation section, which are yet to be corrected.

Implementing private certificates in TrueSight Operations Management - BMC TrueSight Operations Management 11.0

 

BMC should provide a Central Management tool to manage SSL certificates. Once we place SSL certificates in CER or P7B format, the tool/utility should copy the certificates to the necessary components and implement the steps in the back end [import SSL to the Application, import SSL to the trust store of dependent components, etc.]. This will simplify the process of implementing Private Certificates for TrueSight components.

To align with Enterprise Security standards, private certificates are usually supplied with a 12- or 24-month expiry. Having a Central Management tool will greatly simplify Private Certificate implementation and renewal.

Below are the high-level steps I could think of:

  • The utility should list all the components applicable for Private Certificate implementation. The TrueSight Administrator selects the applicable components for their environment and the type of setup [Standalone, HA, HA+DR]
  • There should be a configuration page to specify user inputs [server host name/IP, install path, key store password, trust store password, alias name, etc.]
  • Prerequisites check to confirm all the provided details are correct. If there is any mismatch, an error page with details to correct
  • Implement the private certificate in the Application component [for example, TSIM]
  • Import the private certificate in dependent components [for example, TSPS, IS, ITDA, IIWS, Publishing Server]
  • Perform a sanity check to confirm the SSL Certificate implementation is successful and end-to-end communication is working fine

Thanks,

Bhuvan
