    BCM SSL Configuration

    Gaurav Sharma
      Hi All,


      I want to update the DigiCert SSL certificate on BCM/Relay Servers and have already gone through the document below.


      BCM - How can I Replace current BCM Certificate Authority with my Authority


      I have a few questions, as below:

      1. How do I generate the CSR file to request these certificates? From keytool or mtxcert.exe?

      2. What are .kef & .kep files? How can I get these files?

      3. The customer wants to have an SSL certificate on all the Relay URLs (Internal & DMZ). Should I get an SSL certificate for each, or will the same wildcard work?




          Fabien Carmagnolle



          .kep files contain the passphrase generated during the private key encryption process. .kef is related to the FIPS standard and may not be present.


          You can generate the .kep file: put the unencrypted .key and .crt files in the \master\bin\auth directory, then start the BCM service. A new \master\bin\auth\<checksum> directory is created and contains the encrypted .key, .crt and .kep files.


          A wildcard certificate can be used on all BCM agents. The other possibility is to have a dedicated certificate on each computer; this is much more complicated to implement.


          One thing about the BCM certificate: each BCM Master creates its own unique BCM certificate. Communication with a BCM agent issued from another BCM Master is not possible because the certificates are different. I just mention this because sometimes customers want to change certificates in order to be sure to use a unique certificate: this is already a unique certificate.