Have you reviewed the section in the docs I noted? Were there questions w/ that?
We heard back from BMC support that:
Blade Logic does not support external certificate servers since Blade Logic has its own internal certificate servers that it uses to communicate between the Application and the target servers. It uses TLS with client side certifications.
However, this method is not generally encouraged by my customer's Digital Security team since the application does not use customer-authorised certificates.
Is there any way to use a customer-authorized certificate for communication between the BL App Server and agents?
You should be able to generate a CSR and sign that w/ the CA and use that cert in bsa. But it will probably require running some openssl commands as opposed to the bl_gen_ssl and such.
I’m not sure I see the point in using their CA – it’s not going to be any more secure than the self-generated ones and there is nothing in the agent or appserver to actually validate the customer’s CA chain.
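
The CSR-and-sign flow suggested in the reply above, written out with plain openssl commands as an added example; it is not part of the original thread and is not BMC's tooling. The CA is a throwaway stand-in for the customer's CA, every subject name and file name is a constructed placeholder, and installing the resulting key and certificate into BSA is not covered.

```shell
#!/bin/sh
# Added example. The CA, subject names and file names are constructed placeholders.
set -eu

# Throwaway CA standing in for the customer's CA. In practice only the CSR
# leaves the host and the customer's PKI team returns the signed certificate.
make_test_ca() {
    dir=$1
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Corp/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# Private key and CSR for one host; the key never needs to leave that host.
make_csr() {
    dir=$1; cn=$2
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Corp/CN=$cn" \
        -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null
    chmod 600 "$dir/$cn.key"
}

# What the CA does with the CSR.
sign_csr() {
    dir=$1; cn=$2
    openssl x509 -req -sha256 -days 30 -in "$dir/$cn.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/$cn.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to ca.crt AND matches the private key.
check_cert() {
    dir=$1; cn=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$cn.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/$cn.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$cn.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a temporary directory.
work=$(mktemp -d)
make_test_ca "$work"
make_csr "$work" appserver.example.internal
sign_csr "$work" appserver.example.internal
check_cert "$work" appserver.example.internal && echo "chain and key match OK"
rm -rf "$work"
```

`check_cert` only confirms that the issued certificate chains to the given CA file and pairs with the local key; it says nothing about whether a peer enforces that chain at connection time.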