Introduction:


These general instructions can be used to install a new SSL certificate on the BMC server. Obtain a certificate file from a certificate authority or create your own self-signed certificate.

Step-by-step guide

Using the Java keytool.exe, you can follow the steps below to install a new SSL certificate on your BMC server.

  1. Stop the BMC service.
  2. (OPTIONAL) Create a new keystore/keypair.
  3. Create a new CSR for the existing BMC self-signed cert or for your new keystore/keypair.
  4. Import signed cert keychain or root and intermediate CA in to your keystore.
  5. Import CA-signed certificate and apply the same to the keypair.
  6. Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert.
  7. Restart the BMC service.


Step 1: Stop the BMC service via the Windows services utility (services.msc), or using the BMC's dektop icons.

Step 2: Create the new keystore/keypair. (everything in <> can be customized)

$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -genkeypair -keyalg RSA -keysize 2048 -validity <#of days> -dname "cn=<domain name>, ou=<yourOrgUnit> , o=<yourOrgOrCompany>, l=<City/locality>, st=<State/Canton/Province/Land>, c=<Country_ISO3166-digraph>" -alias "<domain name>"

Step 3: Create a new CSR for your new keystore/keypair. (everything in <> can be customized)

$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -certreq -alias <domain name> -file "<path to>\<filename>.csr"

Step 4: Import the Root CA cert, then the Intermediate CA cert. (everything in <> can be customized)

$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -importcert -alias rootCA -file "<path to>\root.cer"

$JAVAHOME\bin>keytool -keystore "<path to>\<keystore_name>.jks" -importcert -alias intCA -file "<path to>\int.cer"

Step 5: Import CA-signed certificate and apply the same to the keypair. (everything in <> can be customized)

$JAVAHOME\bin>keytool -keystore <path to>\<keystore_name>.jks -importcert -alias original_keypair_alias -file <path_to>\CAsigned.cer

Step 6: Update the "keystoreFile" and "keystorePass" values in the server.xml file located under "C:\Program Files\Blancco\Blancco Management Console\apache-tomcat\conf" to reflect any changes associated with key/cert.

keystoreFile="path to\keystore_name.jks" keystorePass="keystore password"

Step 7: Restart the BMC service.