BMC Remedy AR System Server – 9.x – AREA Configuration with TLS, Import SSL certificate

Does Remedy support TLS protocol?
   Remedy has worked with the TLS protocol since the time it became serverj.
   Thus Remedy can now work with SSL or TLS.

How to create keystore and import the certificate to configure Remedy with SSL/TLS?
General Steps:
1. Export the certificate from the respective server.
2. Use keytool to import the certificate.
3. Configure Remedy using SSL.

The steps to import the certificate and configure Remedy to work with the SSL or TLS protocol are as follows:
1. Obtain a certificate from the LDAP, Exchange, or other server with which you want to establish an SSL/TLS connection, i.e. export the client certificate with a .cer extension. (You can also use .crt and .der files.)

2. Copy the certificate file to the AR Server in which you want to import it.

    For example: C:\Certificates\xxx.cer
    Where xxx is the certificate name.

3. Verify which Java path is being used by the AR System server (example: C:\Program files\Java\jre\bin). This can be verified from armonitor.cfg/armonitor.conf.

4. Use a tool to import the certificate. You can use a third-party tool such as Key Store Explorer or the built-in keytool. To use keytool:

Open a command prompt and use the command below to import the certificate that you downloaded from the server (xxx.cer).
Note: You can provide a -keystore value that is not an existing file if you want to use your own Java Key Store.
If you provide a value that does not correspond to an existing file, a new keystore will automatically be created.


keytool -import -noprompt -trustcacerts -keystore <path1> -storepass "<password>" -alias <aliasname> -file <path2>
Where

  • Path1: Java path being used by the AR System Server under \lib\security\cacerts
  • Password: any password with which the keystore can be accessed; the default is “changeit”
  • Aliasname: alias name for the certificate to be installed, example: AREALDAP
  • Path2: path where you have copied the .cer file, example: “c:\Cert\xxx.cer”


The above command will import the certificate into the cacerts where it will be available to use with AR server.
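The import in step 4 with the checks that belong around it, as an added PowerShell example that is not part of the original article or of BMC's documentation. The Java path, alias, certificate file and expected fingerprint are placeholder assumptions; the fingerprint must come out of band from the owner of the server whose certificate you are trusting.

```powershell
# Added example. Paths, alias and the expected fingerprint are placeholders/assumptions.
$ErrorActionPreference = 'Stop'
$JavaHome  = 'C:\Program Files\Java\jre'        # Java path found in armonitor.cfg (step 3)
$Keytool   = Join-Path $JavaHome 'bin\keytool.exe'
$KeyStore  = Join-Path $JavaHome 'lib\security\cacerts'
$StorePass = 'changeit'                         # default cacerts password
$Alias     = 'AREALDAP'
$CertFile  = 'C:\Certificates\xxx.cer'
# SHA-256 fingerprint supplied out of band by the owner of the LDAP/Exchange server
$Expected  = '<EXPECTED-SHA256-FINGERPRINT>'

function Format-Fingerprint([string]$Value) {
    # Strip colons, dashes and spaces so differently formatted fingerprints compare equal
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# 1. Load the copied file (DER or Base64 encoded) and hash the DER bytes
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = Format-Fingerprint ([System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)))

# 2. Refuse to trust a certificate that is not the expected one or is outside its validity
if ($actual -ne (Format-Fingerprint $Expected)) {
    throw "Fingerprint mismatch for $CertFile (got $actual); not importing."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Keep a copy of the keystore so the change can be rolled back
Copy-Item $KeyStore "$KeyStore.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# 4. Import with the article's command; -noprompt skips keytool's "Trust this
#    certificate?" question, which is why the check above runs first
& $Keytool -import -noprompt -trustcacerts -keystore $KeyStore -storepass $StorePass `
    -alias $Alias -file $CertFile
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE." }

# 5. Confirm the entry exists under the alias and show its fingerprints
& $Keytool -list -v -keystore $KeyStore -storepass $StorePass -alias $Alias
```

Run it from an elevated prompt, since a cacerts file under Program Files is normally not writable by standard users.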

If you are using a keystore other than the default cacerts in the Java path being used by the AR System Server under \lib\security\cacerts, you need to add the following parameters to the arserver.config file in the ARSystem Install Directory:

jvm.option.22 = -Djavax.net.ssl.trustStore=<path to file>

jvm.option.23 = -Djavax.net.ssl.trustStorePassword=<password>

jvm.option.24 = -Djavax.net.ssl.keyStoreType=JKS


Note that the jvm.option numbering depends on your specific server configuration.
Note: If the certificates are imported into Java’s own keystore “cacerts”, then depending on its type you may consider using the option below:

jvm.option.24=-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
