How to Enable Secure Socket Layer for xFlow Interface using a Certificate (.PFX) From a Certificate Authority (CA)

book

Article ID: 196851

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

How to Enable Secure Socket Layer for xFlow Interface using a CA Certificate (.PFX)

Environment

Release : 17.2

Component : xFlow/Service Point

Resolution

1. Convert the PFX to keystore (.jks):

keytool -importkeystore -srckeystore c:\PKCS_with_Privatekey.pfx -srcstoretype pkcs12 -srcstorepass changeit -destkeystore c:\keystore.jks -deststoretype jks -deststorepass changeit

2. Export the certificate chain as .cer and import into the keystore:

keytool -importcert -trustcacerts -v -alias root -file root.cer -keystore c:\keystore.jks -storepass changeit
keytool -importcert -trustcacerts -v -alias intermmediate -file intermmediate.cer -keystore c:\keystore.jks -storepass changeit
keytool -importcert -trustcacerts -v -alias child -file child.cer -keystore c:\keystore.jks -storepass changeit

3. Create the configuration files for each microservice:

echo -Dhttps.port=9444 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > incidentmicroservice-17.0.479\INCIDENTMICROSERVICE_config.txt
echo -Dhttps.port=9446 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > collabmicroservice-17.0.479\COLLABMICROSERVICE_config.txt
echo -Dhttps.port=9448 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > insightmicroservice-17.1.694\INSIGHTMICROSERVICE_config.txt
echo -Dhttps.port=9450 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > pushmicroservice-17.0.479\PUSHMICROSERVICE_config.txt
echo -Dhttps.port=9452 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > searchmicroservice-17.0.479\SEARCHMICROSERVICE_config.txt

4. Implement steps noted in (Optional) Configuring the xFlow Interface to Connect to SSL based Micro Services documentation: 

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/business-management/ca-service-management/17-1/administering/enable-ssl-authentication-for-ca-service-management-solution/enable-secure-socket-layer-for-xflow-interface.html#concept.dita_3e840a3adc2c26887751ea870beb00257bc9bb73_OptionalConfiguringthexFlowInterfacetoConnecttoSSLbasedMicroServices

5. Restart xFlow services.