search cancel

Integration between PC and Spectrum OneClick via HTTPS / SSL


Article ID: 202451


Updated On:


CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps CA Spectrum


After enabled the SSL on the OneClick web server with a self-signed certificate, the Spectrum Data Source test fails in Performance Center (PC).


These two files in the OneClick web server are properly configured:

$SPECROOT/tomcat/conf/server.xml file:


$SPECROOT/tomcat/webapps/axis2/WEB-INF/conf/axis2.xml file:


Release : All Supported Releases

Component : IM Reporting / Admin / Configuration


The OneClick SSL certificates and any intermediate certificates have not been imported to the following file on the Performance Center host: /opt/CA/jre/lib/security/cacerts.


Integrate CA Spectrum with CA Performance Management

Configure CA Spectrum as a Data Source

5. Select the communication protocol.
Before you select https, ensure the following prerequisites:

  • SSL is enabled on the OneClick web server host by configuring the server.xml and axis2.xml files appropriately.
  • The OneClick SSL certificates and any intermediate certificates have been imported to the following file on the Performance Center host: /opt/CA/jre/lib/security/cacerts. For more information, see the DX NetOps Spectrum documentation.


Here are the steps to export the OneClick SSL certificate from the OneClick web server machine:

1. On the OneClick server machine, open a bash shell (bash -login)

2. Navigate to the $SPECROOT/Java/bin/ directory

3. Run the following syntax:

$ ./keytool -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer

4. Enter the keystore password: (which is "changeit" without quotes)

5. The following message is displayed:

Certificate stored in file <OCServer.cer>


6. Copy the $SPECROOT/Java/bin/OCServer.cer file from the OneClick web server machine to the /opt/CA/jre/lib/security/ directory of the PC (Performance Center/Portal) machine.


Here are the steps to import the OneClick SSL certificate on the Performance Center (PC/Portal) machine:

7. On the PC (Performance Center/Portal) machine, navigate to the /opt/CA/jre/lib/security/ directory.

$ cd /opt/CA/jre/lib/security/

8. Make a backup/copy of the current /opt/CA/jre/lib/security/cacerts file.

$ cp cacerts cacerts.ori

9. Navigate to the /opt/CA/jre/bin/ directory.

$ cd /opt/CA/jre/bin/

10. Run the following command to import the OCServer.cer certificate into the cacerts file:

$ ./keytool -importcert -alias tomcatssl -file ../lib/security/OCServer.cer -keystore ../lib/security/cacerts

Supply the password "changeit" (without quotes)

Type yes to confirm.


11. Go to the Performance Center Portal and test the Spectrum Data Source with HTTPS.

12. Save the change.

Additional Information

Spectrum and PC integration - Data source test failed, Communication with the data source failed


How to enable SSL on OneClick and WebApp with self-signed certificate


Troubleshooting (in case you get the following error in Spectrum Data Source test):

Error Message: Data Souce Test Failed

Communication with data source failed.


1. From a browser open the following URLs to check the axis2 service:


2. From the PC host run the following curl syntaxes:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

Expected output:

< HTTP/1.1 200
< Content-Type: text/xml
< Transfer-Encoding: chunked
< Date: Fri, 08 Apr 2022 11:30:55 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive

3. Review the PCService.log file (/opt/CA/PerformanceCenter/PC/logs):

# cat PCService.log  | grep <OneClick_FQDN>

One example:

     | Test DataSource: Spectrum Infrastructure [email protected]<OneClick_FQDN>
     | Received WebServiceException from version check for data source Spectrum Infrastructure [email protected]<OneClick_FQDN>. SocketTimeoutException invoking https://<OneClick_FQDN>:443/axis2/services/DataSourceWS: connect timedout. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result. 

4. Run the following curl and nc syntaxes on DA host:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

# nc -z -v <OneClick_FQDN> 80
# nc -z -v <OneClick_FQDN> 443

Some examples:

# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
* About to connect() to port 443 (#0)
*   Trying 10.xx.yy.zz...
* Connection timed out
* Failed connect to <OneClick_FQDN>:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to <OneClick_FQDN>:443; Connection timed out

# nc -z -v <OneClick_FQDN> 80
Ncat: Version 7.50 ( )
Ncat: Connected to 10.xx.yy.zz:80.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.

# nc -z -v <OneClick_FQDN> 443
Ncat: Version 7.50 ( )
Ncat: Connection timed out.

Open port 443 between DA and OneClick host on the firewall.