Generating new certificates

This procedure describes how to generate new certificates for Control-M/EM and Control-M/Server and replace the pre-installed certificates, which includes updating expiration days and generating the certificates.

To generate certificates:

  1. In the Control-M Configuration Manager, from the Home tab, select System Configuration > Control-M/EM System Parameters.
  2. Define SSL parameters, as described in Defining SSL system parameters.
  3. Select the component in the left pane, and then from the Tools drop-down list, select Security > Manage SSL.
  4. If you want to use the BMC-provided demo certificate as is, select Use the following site certificate authority, and continue as follows:
    1. The parameter fields in the first screen are populated with values supplied by BMC. Click Next.
    2. Select one of the following:
      1. All Components of Control-M to generate certificates for all components
      2. By Component Type, and then select the components from the drop-down list.

      You can also enter a Unique Component Instance ID (email). You can do this for all components of this type, or for each instance of this component. Note that this option is not available for the CONTROL‑M/EM Server component.

    NOTE: For CONTROL-M for z/OS only, you can enter a Key Store Password, which must be eight characters in length.

    1. Accept the default location to save the generated certificates, or enter a new path.
    2. Click Next to generate the certificates, and then Submit after the generation process finishes.
  5. Create a new and unique instance of the pre-installed site Certificate Authority, select Create new Certificate Authority for the site, and then do the following:
    1. Click Yes to accept generating a new certificate.

      You are informed that certificates will be generated for all the Control-M components.

    2. Enter the Country Name, Common Name (FQDM), Email Address and other optional parameters of the CA and click Next.
    3. If you want to use a password, enter the password and click Next.
    4. Accept the default location to save the generated certificates, or type in a new path.
    5. Click Next to generate the certificates.
    6. Click Submit after the generation process finishes.

      The new certificate deployment directories are created in the location you requested in the CCM client machine.

  6. Continue the process by copying the component certificate directories to their relevant locations on the machines with the Control-M components, and by running the deployment scripts on those machines, as described in Deploying SSL on BMC Components.

Parent Topic

Certificates