Client Management - How can I Deploy and Activate BCM Authority Certificate when no certificate is already present

Knowledge Article

Client Management - How can I Deploy and Activate BCM Authority Certificate when no certificate is already present
How can I Deploy and Activate BCM Authority Certificate when no certificate is already present
BMC Client Management
All version since 12.8
BMC Client Management
All version since 12.8
How can I Deploy and Activate BCM certificate on my BMC Client Management platform ?
- First step is to verify what is your current security configuration this will determine the way you will have to modify BCM parameters.

- Then verify if BCM Certificate package and rules are available on your BMC Client Management Console 

User-added imageUser-added image

They should be present if your Security Checklist first line is Red in BMC Client Management Console Home Dashboard:

User-added image

In case BCM Certificate package and rules are not available you can create them with this procedure.

- Now, BCM Certificate package and rules are available, but you may have to modify them in following cases :
 
1) Your initial security configuration parameter "Trusted Authority" is set to a different value than "amp".
You have to modify rule "Step 1 - Trust BCM Certificate" in order to replace "amp" with the value from your initial security configuration parameter (some customers may have the very old "criston"authority in place) in step 3 :

User-added image
User-added image
 
2) You are deploying "bcm" certificate in order to activate secure communication, as a consequence you have to modify rule "Step 2 - Activate BCM Certificate" in order to set  "Secure Communication" with "Securized Send, Receive Both"

User-added image

You have to modify rule "Step 3 - Trust BCM Certificate" in order to set parameter "Secure Communication" to "Yes" :

User-added image
User-added image
   
- You can then assign rule "Step 1 - Deploy BCM Certificate" to all your devices.
Once rule "Step 1 - Deploy BCM Certificate" is successfully executed on all devices you can assign rule "Step 2 - Activate BCM Certificate" on all devices.
Same way rule "Step 3" must be successfully executed on all devices before assigning rule "Step 3 - Trust BCM Certificate" to all devices.

Notes that if rules 3 is executed on some devices while rules 1 or 2 are not executed yet on some other devices, communication is broken between these two different groups of devices.
 
BMC Client Management
All version since 12.8
Attachment(s):