ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unable to access CABI reports after CA PM https configuration

book

Article ID: 199119

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

We have migrated CA PM to https
After CA PM's Https configuration CA PM application is working fine but we are not able to access CABI (jasper) reports

Exception:

net.sf.jasperreports.engine.JRException: Unable to load schema version:org.apache.http.conn.HttpHostConnectException: Connect to pmpc:8181 [pmpc/10.192.18.20] failed: Connection refused: connect

 

Cause

Self signed certificate is not present in CABI keystore (cacerts)

After enabling HTTPS on CAPM the site will be available on port 8182 (HTTPS) but CABI server will check on port 8181 (HTTP)

 

 

Environment

Release : 3.7

Component : IM Reporting / Admin / Configuration

Resolution

 

1. After enabling the CAPM to HTTPS we need to import the certificate to CABI server keystore

Follow the steps given in below KB link

How do you transfer CAPCs HTTPS certificate to CABI on Linux

First Step:

On CAPC Server:

/opt/CA/jre/bin/keytool -list -v -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore -storepass changeit 

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: capc
Creation date: Sep 10, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Issuer: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Serial number: 1bdfe47f
Valid from: Wed Sep 09 13:05:47 IST 2020 until: Sat Sep 07 13:05:47 IST 2030
Certificate fingerprints:
         MD5:  82:77:9E:19:F3:F0:24:BF:44:63:9A:74:2B:77:85:D4
         SHA1: BD:DD:5A:CD:D9:24:07:52:E1:4D:32:D7:EC:0F:89:A8:ED:15:3B:10
         SHA256: 80:A9:3F:D6:86:B0:CA:BD:A5:8C:7A:C2:CE:B0:75:3C:FC:EC:E4:B7:3D:3A:53:89:0C:DF:90:05:23:FB:84:89
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Second Step:

[[email protected] etc]# /opt/CA/jre/bin/keytool -exportcert -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore -storepass changeit -alias capc -file capccert.cer
Certificate stored in file <capccert.cer>

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/CA/PerformanceCenter/jetty/etc/keystore -destkeystore /opt/CA/PerformanceCenter/jetty/etc/keystore -deststoretype pkcs12".
[[email protected] etc]# ls *.cer
capc.cer  capccert.cer
[[email protected] etc]#

Third Step:

Copy capccert.cer file to CABI box

Fourth Step:

D:\CA\SC\CA Business Intelligence\java\bin>

keytool -importcert -keystore "D:\CA\SC\CA Business Intelligence\java\lib\security\cacerts" -storepass changeit -alias capc -file "D:\CA\SC\CA Business Intelligence\java\bin\capccert.cer"


Owner: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Issuer: CN=pmpc, OU=Tools, O=PM, L=NewDelhi, ST=NewDelhi, C=IN
Serial number: 1bdfe47f
Valid from: Wed Sep 09 13:05:47 IST 2020 until: Sat Sep 07 13:05:47 IST 2030
Certificate fingerprints:
         MD5:  82:77:9E:19:F3:F0:24:BF:44:63:9A:74:2B:77:85:D4
         SHA1: BD:DD:5A:CD:D9:24:07:52:E1:4D:32:D7:EC:0F:89:A8:ED:15:3B:10
         SHA256: 80:A9:3F:D6:86:B0:CA:BD:A5:8C:7A:C2:CE:B0:75:3C:FC:EC:E4:B7:3D:
3A:53:89:0C:DF:90:05:23:FB:84:89
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: pmpc
]

Trust this certificate? [no]:  yes
Certificate was added to keystore

D:\CA\SC\CA Business Intelligence\java\bin>

 

2. Modify the CAPM Data source in CABI Repositories with correct Schema and Port

Login to JasperSoft

Go to repositories -> Edit CAPM Data Store

Change the schema from http to https and Port from 8181 to 8182

click on save

Restart CA Business Intelligent service.

You should be able to access the CABI reports 

Note : Used the default folder structure and default passwords in this document. Change them according to your environment

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/integrating/integrate-ca-business-intelligence/install-ca-business-intelligence-reports-and-dashboards.html#concept.dita_a427ef405ea14e7ebd052469459ff9b881647c9d_AddaCertificateforSSLEnablednpc

 

Attachments