
Integration between PC and Spectrum OneClick via HTTPS / SSL


Article ID: 202451


Products

CA Infrastructure Management, CA Performance Management - Usage and Administration, DX NetOps, CA Spectrum

Issue/Introduction

After SSL is enabled on the OneClick web server with a self-signed certificate, the Spectrum Data Source test fails in Performance Center (PC).

 

These two files in the OneClick web server are properly configured:

$SPECROOT/tomcat/conf/server.xml file:

 

$SPECROOT/tomcat/webapps/axis2/WEB-INF/conf/axis2.xml file:

Environment

Release : All Supported Releases

Component : IM Reporting / Admin / Configuration

Cause

The OneClick SSL certificates and any intermediate certificates have not been imported to the following file on the Performance Center host: /opt/CA/jre/lib/security/cacerts.

 

Integrate CA Spectrum with CA Performance Management

Configure CA Spectrum as a Data Source

5. Select the communication protocol.
Before you select https, ensure the following prerequisites:

  • SSL is enabled on the OneClick web server host by configuring the server.xml and axis2.xml files appropriately.
  • The OneClick SSL certificates and any intermediate certificates have been imported to the following file on the Performance Center host: /opt/CA/jre/lib/security/cacerts. For more information, see the DX NetOps Spectrum documentation.

Resolution

Here are the steps to export the OneClick SSL certificate from the OneClick web server machine:

1. On the OneClick server machine, open a bash shell (bash -login)

2. Navigate to the $SPECROOT/Java/bin/ directory

3. Run the following command:

$ ./keytool -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer

4. Enter the keystore password: (which is "changeit" without quotes)

5. The following message is displayed:

Certificate stored in file <OCServer.cer>

 

6. Copy the $SPECROOT/Java/bin/OCServer.cer file from the OneClick web server machine to the /opt/CA/jre/lib/security/ directory of the PC (Performance Center/Portal) machine.

 

Here are the steps to import the OneClick SSL certificate on the Performance Center (PC/Portal) machine:

7. On the PC (Performance Center/Portal) machine, navigate to the /opt/CA/jre/lib/security/ directory.

$ cd /opt/CA/jre/lib/security/

8. Make a backup/copy of the current /opt/CA/jre/lib/security/cacerts file.

$ cp cacerts cacerts.ori

9. Navigate to the /opt/CA/jre/bin/ directory.

$ cd /opt/CA/jre/bin/

10. Run the following command to import the OCServer.cer certificate into the cacerts file:

$ ./keytool -importcert -alias tomcatssl -file ../lib/security/OCServer.cer -keystore ../lib/security/cacerts

Supply the password "changeit" (without quotes)

Type yes to confirm.

 

11. Go to the Performance Center Portal and test the Spectrum Data Source with HTTPS.

12. Save the change.
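
To confirm that the certificate imported in step 10 is the one OneClick actually serves, the SHA-256 fingerprints of the two can be compared on the PC host. The script below is an added example, not part of the original article or the product; it assumes openssl is installed on the PC host, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the article: check that the truststore entry
# matches the certificate the OneClick web server presents.
# Assumes openssl is installed on the Performance Center host.

CACERTS=/opt/CA/jre/lib/security/cacerts   # truststore path from the article
KEYTOOL=/opt/CA/jre/bin/keytool            # keytool path from the article
ALIAS=tomcatssl                            # alias used in the import step

# Reduce "SHA256 Fingerprint=AA:BB:..." to bare uppercase hex.
norm_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr '[:lower:]' '[:upper:]'
}

# Succeeds only when both fingerprints are non-empty and identical.
same_fp() {
  [ -n "$(norm_fp "$1")" ] && [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# SHA-256 fingerprint of the leaf certificate presented on host:port.
served_fp() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the certificate stored under $ALIAS in cacerts.
trusted_fp() {
  "$KEYTOOL" -exportcert -rfc -alias "$ALIAS" -keystore "$CACERTS" \
    -storepass "${STOREPASS:-changeit}" | openssl x509 -noout -fingerprint -sha256
}

# Compare both fingerprints for a OneClick host and print a one-line verdict.
check_oneclick_trust() {
  served=$(served_fp "$1" "${2:-443}") || { echo "no certificate from $1"; return 2; }
  trusted=$(trusted_fp) || { echo "alias $ALIAS not readable in $CACERTS"; return 2; }
  if same_fp "$served" "$trusted"; then
    echo "MATCH $(norm_fp "$served")"
  else
    echo "MISMATCH served=$(norm_fp "$served") trusted=$(norm_fp "$trusted")"
    return 1
  fi
}
```

Source the script and run check_oneclick_trust <OneClick_FQDN>. A MISMATCH means the alias holds a different certificate than the server presents, which curl -k cannot reveal because -k skips certificate validation.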

Additional Information

Spectrum and PC integration - Data source test failed, Communication with the data source failed

https://knowledge.broadcom.com/external/article?articleId=202988

 

How to enable SSL on OneClick and WebApp with self-signed certificate

https://knowledge.broadcom.com/external/article?articleId=200602

 

Troubleshooting (in case you get the following error in Spectrum Data Source test):

Error Message: Data Souce Test Failed

Communication with data source failed.

 

1. From a browser open the following URLs to check the axis2 service:

http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

2. From the PC host, run the following curl commands:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

Expected output:

< HTTP/1.1 200
< Content-Type: text/xml
< Transfer-Encoding: chunked
< Date: Fri, 08 Apr 2022 11:30:55 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive

3. Review the PCService.log file (/opt/CA/PerformanceCenter/PC/logs):

# cat PCService.log  | grep <OneClick_FQDN>

One example:

     | Test DataSource: Spectrum Infrastructure [email protected]<OneClick_FQDN>
     | Received WebServiceException from version check for data source Spectrum Infrastructure [email protected]<OneClick_FQDN>.  CAUSE=java.net.SocketTimeoutException: SocketTimeoutException invoking https://<OneClick_FQDN>:443/axis2/services/DataSourceWS: connect timedout. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result. 

4. Run the following curl and nc commands on the DA host:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

# nc -z -v <OneClick_FQDN> 80
# nc -z -v <OneClick_FQDN> 443

Some examples:

# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
* About to connect() to <OneClick_FQDN> port 443 (#0)
*   Trying 10.xx.yy.zz...
* Connection timed out
* Failed connect to <OneClick_FQDN>:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to <OneClick_FQDN>:443; Connection timed out

# nc -z -v <OneClick_FQDN> 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.xx.yy.zz:80.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.

# nc -z -v <OneClick_FQDN> 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.

Open port 443 between DA and OneClick host on the firewall.
