How to renew RTSM certificates on port 8443

  • KM03277427
  • 29-Oct-2018
  • 29-Oct-2018

Summary

Written for BSM 9.26, but applies to OMi 10.6x as well.

Question

Use the procedure below to renew RTSM certificates on port 8443.

Answer

  1. Consolidate the .cer and .key files into a single .pfx file (PKCS12 container). openssl is located in [HPBSM home dir]\WebServer\bin. All passwords should be "hppass".

openssl pkcs12 -export -in "C:\svlbsmgw01.cer" -inkey "C:\svlbsmgw01.key" -out "C:\svlbsmgw01.pfx"

  2. Convert the .pfx file you just created to a JKS server.keystore. keytool is located in [HPBSM home dir]\JRE\bin. All passwords should be "hppass".

keytool -importkeystore -srckeystore "C:\svlbsmgw01.pfx" -srcstoretype PKCS12 -deststoretype JKS -destkeystore c:\server.keystore

You should get the following output:

              Enter destination keystore password:

              Re-enter new password:

              Enter source keystore password:

              Entry for alias "1" successfully imported.

              Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

  3. Change the alias name "1" to "hpcert":

keytool -changealias -keystore c:\server.keystore -alias 1 -destalias hpcert

  3. a. Optional, if the original password of the private key was different than hppass:

keytool -keypasswd -keystore my.keystore -alias my_name

  4. Run the following to verify the alias name:

keytool -v -list -keystore c:\server.keystore

You should get the following output:

              C:\HPBSM\JRE\bin>keytool -v -list -keystore  c:\server.keystore

                           Enter keystore password:

                           Keystore type: JKS

                           Keystore provider: SUN

                           Your keystore contains 1 entry

                           Alias name: hpcert

                           Creation date: Feb 17, 2016

                           Entry type: PrivateKeyEntry

                                                   

  5. Import the Root CA certificate into the RTSM server.truststore:

keytool.exe -importcert -file c:\BSM-GW-rootcert.cer -keystore "[HPBSM home dir]\odb\conf\security\server.truststore" -storepass hppass

  6. Stop BSM.
  7. Go to [HPBSM home dir]\odb\conf\security
  8. Back up the existing server.keystore.
  9. Replace the old server.keystore with the new one created in the steps above.
  10. Add the following line at the bottom of the java.security file in both of these locations:
    1. [HPBSM home dir]\JRE64\lib\security\java.security
    2. [HPBSM home dir]\JRE\lib\security\java.security

jdk.tls.disabledAlgorithms=MD5, DSA, RC4, SHA1, SSLv3, RSA keySize < 2048

  11. Start BSM/OMi.
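A pre-flight check for the procedure above, as an added example that is not part of the original article: it reads saved output of `openssl x509 -noout -text -in <cert>` and `keytool -v -list` and flags a certificate that conflicts with the jdk.tls.disabledAlgorithms line, or a keystore whose alias was not renamed to hpcert. The function names and sample outputs are constructed for illustration, and it assumes a certificate using a disabled algorithm or a short RSA key will be rejected once that line is in place.

```python
import re

# Digest and key algorithm names from the jdk.tls.disabledAlgorithms line in the article.
DISABLED = {"MD5", "DSA", "SHA1"}
MIN_RSA_BITS = 2048  # from "RSA keySize < 2048"

def check_certificate(x509_text):
    """Problems in `openssl x509 -noout -text` output; empty list means OK."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", x509_text)
    key = re.search(r"Public Key Algorithm:\s*(\S+)", x509_text)
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", x509_text)
    if not (sig and key and bits):
        return ["could not parse certificate text"]
    problems = []
    # Compare whole tokens so that "DSA" does not match "ecdsa".
    tokens = {t.upper() for t in re.split(r"(?i)with|[-_]", sig.group(1)) if t}
    for alg in sorted(tokens & DISABLED):
        problems.append("signature algorithm uses disabled " + alg)
    key_alg = key.group(1).lower()
    if key_alg.startswith("dsa"):
        problems.append("DSA public key is disabled")
    elif key_alg.startswith("rsa") and int(bits.group(1)) < MIN_RSA_BITS:
        problems.append("RSA key is %s bits, below %d" % (bits.group(1), MIN_RSA_BITS))
    return problems

def check_keystore(keytool_text, alias="hpcert"):
    """Problems in `keytool -v -list` output; empty list means OK."""
    entries = dict(re.findall(r"Alias name:\s*(\S+).*?Entry type:\s*(\S+)",
                              keytool_text, re.S))
    if alias not in entries:
        return ["alias %s not found (aliases: %s)" % (alias, ", ".join(sorted(entries)))]
    if entries[alias] != "PrivateKeyEntry":
        return ["alias %s is %s, not PrivateKeyEntry" % (alias, entries[alias])]
    return []

# Constructed sample outputs, trimmed to the lines the checks read.
GOOD_CERT = """Signature Algorithm: sha256WithRSAEncryption
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)"""
WEAK_CERT = """Signature Algorithm: sha1WithRSAEncryption
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)"""
RENAMED = "Alias name: hpcert\nCreation date: Feb 17, 2016\nEntry type: PrivateKeyEntry"
NOT_RENAMED = "Alias name: 1\nCreation date: Feb 17, 2016\nEntry type: PrivateKeyEntry"

if __name__ == "__main__":
    print(check_certificate(WEAK_CERT) or "OK")
    print(check_keystore(NOT_RENAMED) or "OK")
```

Run the checks before stopping BSM, so a certificate that needs reissuing is found while the old keystore is still in service.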