Import the trusted mutual TLS certificates into the BEMS keystore
BEMS
keystoreIn environments where the metadata endpoint is protected by mutual TLS authentication, you must import the mutual TLS certificate into the
BEMS
keystore. Adding this certificate allows BEMS
respond to mutual TLS verification requests as required. Use DBManager to import the certificates. By default, DBManager is located in the installation folder at <drive
>:\GoodEnterpriseMobilityServer\GoodEnterpriseMobilityServer\DBManager. Save a copy of the .pfx certificate that you exported from the Certificate Authority to a convenient location on the computer that hosts
BEMS
. - On the computer that hosts the on-premises BEMS, verify that the PATH System variable includes the path to the JAVA directory.
- In a command prompt, typeset | findstr "Path".
- PressEnter.
- Make a backup of theJavakeystore file. TheJavakeystore file is located at%JAVA_HOME%\lib\security\cacerts, where JAVA_HOME is confirmed in Step 1.
- Import the mutual TLS certificate.
- On the computer that hostsBEMS, in a command prompt run as administrator, navigate to DBManager.
- Type,tools\dbmanager\target>java -classpath "*" com.good.tools.db.client.Client -dbHost "localhost" -dbName "BEMS_DB_name" -dbType sqlserver -action addprivatekey -keyPassword "password" -p12File "<certificate_file-path>/<file name>.pfx" -alias "mutualTLS" -tenantId "default" -integratedAuth true
- In theWindowsService Manager, restart theGood Technology Common Servicesservice.