Unable to access CABI reports after CA PM https configuration
Article ID: 199119
Updated On:
Products
Issue/Introduction
We have migrated CA PM to https
After CA PM's Https configuration CA PM application is working fine but we are not able to access CABI (jasper) reports
Exception:
net.sf.jasperreports.engine.JRException: Unable to load schema version:org.apache.http.conn.HttpHostConnectException: Connect to pmpc:8181 [pmpc/10.192.18.20] failed: Connection refused: connect
Environment
Release : 3.7
Component : IM Reporting / Admin / Configuration
Cause
Self signed certificate is not present in CABI keystore (cacerts)
After enabling HTTPS on CAPM the site will be available on port 8182 (HTTPS) but CABI server will check on port 8181 (HTTP)
Resolution
1. After enabling the CAPM to HTTPS we need to import the certificate to CABI server keystore
Follow the steps given in below KB link
How do you transfer CAPCs HTTPS certificate to CABI on Linux
First Step:
On CAPC Server:
/opt/CA/jre/bin/keytool -list -v -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore -storepass changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: capc
Creation date: Sep 10, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Issuer: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Serial number: 1bdfe47f
Valid from: Wed Sep 09 13:05:47 IST 2020 until: Sat Sep 07 13:05:47 IST 2030
Certificate fingerprints:
MD5: 82:77:9E:19:F3:F0:24:BF:44:63:9A:74:2B:77:85:D4
SHA1: BD:DD:5A:CD:D9:24:07:52:E1:4D:32:D7:EC:0F:89:A8:ED:15:3B:10
SHA256: 80:A9:3F:D6:86:B0:CA:BD:A5:8C:7A:C2:CE:B0:75:3C:FC:EC:E4:B7:3D:3A:53:89:0C:DF:90:05:23:FB:84:89
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Second Step:
[[email protected] etc]# /opt/CA/jre/bin/keytool -exportcert -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore -storepass changeit -alias capc -file capccert.cer
Certificate stored in file <capccert.cer>
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/CA/PerformanceCenter/jetty/etc/keystore -destkeystore /opt/CA/PerformanceCenter/jetty/etc/keystore -deststoretype pkcs12".
[[email protected] etc]# ls *.cer
capc.cer capccert.cer
[[email protected] etc]#
Third Step:
Copy capccert.cer file to CABI box
Fourth Step:
D:\CA\SC\CA Business Intelligence\java\bin>
keytool -importcert -keystore "D:\CA\SC\CA Business Intelligence\java\lib\security\cacerts" -storepass changeit -alias capc -file "D:\CA\SC\CA Business Intelligence\java\bin\capccert.cer"
Owner: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Issuer: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Serial number: 1bdfe47f
Valid from: Wed Sep 09 13:05:47 IST 2020 until: Sat Sep 07 13:05:47 IST 2030
Certificate fingerprints:
MD5: 82:77:9E:19:F3:F0:24:BF:44:63:9A:74:2B:77:85:D4
SHA1: BD:DD:5A:CD:D9:24:07:52:E1:4D:32:D7:EC:0F:89:A8:ED:15:3B:10
SHA256: 80:A9:3F:D6:86:B0:CA:BD:A5:8C:7A:C2:CE:B0:75:3C:FC:EC:E4:B7:3D:
3A:53:89:0C:DF:90:05:23:FB:84:89
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: pmpc
]
Trust this certificate? [no]: yes
Certificate was added to keystore
D:\CA\SC\CA Business Intelligence\java\bin>
2. Modify the CAPM Data source in CABI Repositories with correct Schema and Port
Login to JasperSoft
Go to repositories -> Edit CAPM Data Store
Change the schema from http to https and Port from 8181 to 8182
click on save
Restart CA Business Intelligent service.
You should be able to access the CABI reports
Note : Used the default folder structure and default passwords in this document. Change them according to your environment
Attachments
Feedback
