3 Replies Latest reply on Jul 5, 2012 10:16 AM by Bill Robinson

    CA Certificate import

    Siddu angadi



      Has anyone imported customer based CA certificate in the Bladelogic Server Automation?


      We need use CA certificate for:


      • Client to App server Communication
      • Appserver to RSCD Agent



      Can anyone please help me?




        • 1. Re: CA Certificate import
          Bill Robinson

          Have you reviewed the section in the docs I noted?  Were there questions w/ that ?

          • 2. CA Certificate import
            Siddu angadi

            Hi Bill,


            We heard back from BMC support that:


            Blade logic does not support external certificate servers since Blade Logic has its own internal certificate servers that it uses to communicate between the Application and the target servers. It uses TLS with client side certifications.


            However, This method is not generally encouraged by the my customer's Digital Security team since the application does not use a customer authorised certificates.


            Is there anyway to use customer authorized certificate for communication between BL App Server and agents?




            • 3. Re: CA Certificate import
              Bill Robinson

              You should be able to generate a CSR and sign that w/ the CA and use that cert in bsa.  But it will probably require running some openssl commands as opposed to the bl_gen_ssl and such.


              I’m not sure I see the point in using their CA – it’s not going to be any more secure that the self-generated ones and there is nothing in the agent or appserver to actually validate the customer’s CA chain.