Creating and installing a self-signed SSL certificate - Documentation for BMC AMI Command Center for Security 6.2

To create and install a self-signed SSL certificate

Navigate to the System > Network > SSL Cert page.
Select Generate Self-Signed Certificate and click Next.
If you have not previously created a certificate with the utility, this is the only option available.
If a certificate already exists in the system, a message indicates that your newly created certificates will be pending until you commit or discard them.

Enter the following certificate information:

Parameter Description

Parameter	Description
Common Name	Name of server to be protected by the certificate The Common Name (CN) must exactly match the host name or IP address that the service runs on. The TLS connection does not work correctly if the host name of the server does not match the certificate CN field. The default value displays the system's attempt to determine the system host name.
Fully qualified domain name (FQDN) of the server to be protected by the certificate The default value displays the system's attempt to determine the FQDN. The FQDN and CN provide subject alternative name (SAN) DNS entries to the SSL certificate in the following format: `subjectAltName = DNS:` hostName `, DNS:.` hostName* `, DNS:` hostName `.` domain `.com, DNS:.` hostName.domain `.com` The last two DNS entries that include domain values are not used if the Full Name* field is empty. You can use a wildcard with SAN entries to secure multiple domains and subdomains.
Certificate identification information	Certificate owner information Complete the following identifying information about the certificate owner:

Common Name

Name of server to be protected by the certificate

The Common Name (CN) must exactly match the host name or IP address that the service runs on. The TLS connection does not work correctly if the host name of the server does not match the certificate CN field.

The default value displays the system's attempt to determine the system host name.

Fully qualified domain name (FQDN) of the server to be protected by the certificate

The default value displays the system's attempt to determine the FQDN.

The FQDN and CN provide subject alternative name (SAN) DNS entries to the SSL certificate in the following format:

subjectAltName = DNS: hostName , DNS:*. hostName , DNS: hostName . domain .com, DNS:*. hostName.domain .com

The last two DNS entries that include domain values are not used if the Full Name field is empty.

You can use a wildcard with SAN entries to secure multiple domains and subdomains.

Certificate identification information Certificate owner information
Complete the following identifying information about the certificate owner:

Click Next.

The following files are generated in the installationDirectory\system\certs directory and the certificate is installed:

To obtain a CSR file

You can obtain a CSR file to send to your CA to produce a public certificate.

You must have previously created a certificate with the utility.

Navigate to the System > Network > SSL Cert page.
Select Get CSR (Certificate Signing Request) and click Next.
The following page is displayed:
Copy all the content from the box and paste it into a text file. Include the following content:
-----BEGIN CERTIFICATE REQUEST-----
and
-----END CERTIFICATE REQUEST-----
Save the file with a .txt extension.