APM/ITAM: Configure APM 12.9 and higher for SSL connectivity

book

Article ID: 193146

calendar_today

Updated On:

Products

CA IT Asset Manager CA IT Asset Manager Asset Portfolio Management ASSET PORTFOLIO MGMT- SERVER

Issue/Introduction

The following article discusses how to enable SSL communications with ITAM

Environment

Release : 12.9, 14.1, 17.1 and higher

Component : CA Asset Portfolio Management

Resolution

Configuring APM 12.9 release and higher for SSL, using IIS 7.x 


1. Configure IIS for SSL


a. On APM Web Server, launch Internet Information Services Manager, highlight the machine name, and double click ‘Server Certificates’

b. Click ‘Create self-signed Certificate’  [Please review "Additional Information" at the bottom of this document before proceeding]

c. Provide a certificate name and click OK. 


d. This creates the certificate below

e. Click on ‘APM Web Site’ and select ‘Bindings’
 

f. Click Add and choose https, and specify the port and the SSL certificate name:

 

IIS is now configured for SSL. 


Proceed to configure APM for SSL

 

2. Configure APM for SSL


a. Login to APM and navigate to Administration – system configuration


b. Click on Web Server and change the protocol to ‘https’ and SAVE. 

c. Click on the Application Server link and change the protocol to https and the port to the SSL port number
 

 

d. Click on the WCF Service link and change the protocol to https://
 

e. Launch SQL Server management studio.  Please take a backup of the al_cdb_configurationparameters table before making any of the following changes:

Run this query to review the setup for the existing Server port:

Select * from al_cdb_configurationparameters where configkey = ‘ServerPort’:

Two rows should return.

Update the port number using this query: 

Update al_cdb_configurationparameters set configvalue = ‘443’ where configkey = ‘ServerPort’

f. If your machine name is using the fully qualified domain name (FQDN), and the server certificate is using the FQDN, then also run these queries:

Select * from al_cdb_configurationparameters where configkey = ‘LoadBalancerName’

The configvalue from this query likely contains the short server name.

To update to the FQDN: 

Update al_cdb_configurationparameters set configvalue = ‘<MyFQDNServerName>” where configkey = ‘LoadBalancerName’

g. Perform an IISRESET; close all browsers and then launch the URL to access ITAM under SSL.

Example:  https://<MyServerName>/ITAM

Additional Information

The above instructions will involve generating a self-signed certificate, which may not necessarily be accepted by your environment.  At step 1-b, you may need to consult with your web or network admin teams to the appropriate step in lieu of generating a self-signed certificate.  Broadcom Support is unable to provide guidance regarding any site specific requirements to obtain an SSL certificate.

See the following URL for an explanation of SSL certificates: 
http://www.techrepublic.com/blog/how-do-i/how-do-i-request-and-install-ssl-certificates-in-iis-70/ 

Attachments