Integration between Portal and Spectrum OneClick via HTTPS / SSL

Article ID: 202451


Products

CA Performance Management - Usage and Administration, DX NetOps, CA Spectrum

Issue/Introduction

After enabling SSL on the OneClick web server with a self-signed certificate, the Spectrum Data Source test fails in the Performance Management Portal.

 

These two files in the OneClick web server are properly configured:

$SPECROOT/tomcat/conf/server.xml file

$SPECROOT/tomcat/webapps/axis2/WEB-INF/conf/axis2.xml file

 

You can set either HTTP, or HTTPS, or both in the axis2.xml file: 

<transportReceiver name="http"
                   class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">8080</parameter>
</transportReceiver>

<transportReceiver name="https"
                   class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">8443</parameter>
</transportReceiver>

 

Use ports 80 and 443 in the Windows environment.

Environment

Release : All Supported Releases

Component : IM Reporting / Admin / Configuration

Cause

The OneClick SSL certificates and any intermediate certificates have not been imported to the following file on the Performance Management Portal host: /opt/CA/jre/lib/security/cacerts.

Integrate CA Spectrum with CA Performance Management

Resolution

Here are the steps to export the OneClick SSL certificate from the OneClick web server machine:

1. On the OneClick server machine, open a bash shell (bash -login)

2. Navigate to the $SPECROOT/Java/bin/ directory

3. Run the following command:

$ ./keytool -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer    (Linux)

$ ./keytool.exe -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer    (Windows)

4. Enter the keystore password, which is "changeit" (without quotes).

5. The following message is displayed:

Certificate stored in file <OCServer.cer>

6. Copy the $SPECROOT/Java/bin/OCServer.cer file from the OneClick web server machine to the /opt/CA/jre/lib/security/ directory of the Performance Management Portal machine.

 

Here are the steps to import the OneClick SSL certificate on the Performance Management Portal machine:

7. On the Portal (Performance Management Portal) machine, navigate to the /opt/CA/jre/lib/security/ directory.

$ cd /opt/CA/jre/lib/security/

8. Make a backup/copy of the current /opt/CA/jre/lib/security/cacerts file.

$ cp cacerts cacerts.ori

9. Navigate to the /opt/CA/jre/bin/ directory.

$ cd /opt/CA/jre/bin/

10. Run the following command to import the OCServer.cer certificate into the cacerts file:

$ ./keytool -importcert -alias tomcatssl -file ../lib/security/OCServer.cer -keystore ../lib/security/cacerts

Supply the password "changeit" (without quotes)

Type yes to confirm.

Note: If the import fails with the error "Certificate not imported, alias <tomcatssl> already exists", delete the existing tomcatssl alias first and then repeat the import:

$ ./keytool -delete -alias tomcatssl -keystore ../lib/security/cacerts

11. Go to the Performance Management Portal and test the Spectrum Data Source with HTTPS.

12. Save the change.
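
An added example, not part of the original article: because steps 6 to 10 place a self-signed certificate into the Portal's trust store, it is worth confirming by SHA-256 fingerprint that the copied file and the imported tomcatssl entry are the certificate that was exported. The helper names are constructed for illustration; the reference fingerprint is assumed to come from running `./keytool -printcert -file OCServer.cer` on the OneClick server after step 5.

```shell
#!/bin/sh
# Added example (not from the article): confirm the certificate trusted on the
# Portal host is the one exported from OneClick. Helper names are constructed.

# Normalise a fingerprint: drop colons/whitespace, lowercase the hex digits.
norm() { printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'; }

# Read `keytool -printcert` or `keytool -list -v` output on stdin and print
# the SHA-256 fingerprint it reports, normalised.
sha256_of() {
    norm "$(sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)"
}

# Return 0 only when $1 is a well-formed SHA-256 value and equals $2.
same_cert() {
    a=$(norm "$1"); b=$(norm "$2")
    case "$a" in ""|*[!0-9a-f]*) return 2 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Run on the Portal host after step 10 (paths, alias and password as in the
# article). $1 = SHA-256 fingerprint noted on the OneClick server.
verify_import() {
    jre=/opt/CA/jre
    file_fp=$("$jre/bin/keytool" -printcert \
        -file "$jre/lib/security/OCServer.cer" | sha256_of)
    same_cert "$file_fp" "$1" || {
        echo "OCServer.cer differs from the exported certificate" >&2; return 1; }
    store_fp=$("$jre/bin/keytool" -list -v -alias tomcatssl -storepass changeit \
        -keystore "$jre/lib/security/cacerts" | sha256_of)
    same_cert "$store_fp" "$1" || {
        echo "alias tomcatssl in cacerts holds a different certificate" >&2; return 1; }
    echo "tomcatssl verified: $store_fp"
}
# Usage: verify_import "<SHA256 value printed on the OneClick server>"
```

A mismatch at either check means the file changed in transit or the alias still holds an older certificate; restore cacerts.ori and repeat the export rather than testing the data source.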

Additional Information

Spectrum and Portal integration - Data source test failed, Communication with the data source failed

https://knowledge.broadcom.com/external/article?articleId=202988

 

axis2.xml format error "&gt;" breaks Netops Spectrum-NetOps Portal integration

https://knowledge.broadcom.com/external/article?articleId=221146

 

Troubleshooting (in case you get the following error in the Spectrum Data Source test):

Error Message: Data Souce Test Failed

Communication with data source failed.

 

1. From a browser open the following URLs to check the axis2 service:

http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

2. From the PC host, run the following curl commands:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

Expected output:

< HTTP/1.1 200
< Content-Type: text/xml
< Transfer-Encoding: chunked
< Date: Fri, 08 Apr 2022 11:30:55 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive

3. Review the PCService.log file (/opt/CA/PerformanceCenter/PC/logs):

# cat PCService.log  | grep <OneClick_FQDN>

One example:

     | Test DataSource: Spectrum Infrastructure Manager@<OneClick_FQDN>
     | Received WebServiceException from version check for data source Spectrum Infrastructure Manager@<OneClick_FQDN>.  CAUSE=java.net.SocketTimeoutException: SocketTimeoutException invoking https://<OneClick_FQDN>:443/axis2/services/DataSourceWS: connect timedout. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result. 

4. Run the following curl and nc commands on the DA host:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

# nc -z -v <OneClick_FQDN> 80
# nc -z -v <OneClick_FQDN> 443

Some examples:

# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
* About to connect() to example.net port 443 (#0)
*   Trying 10.xx.yy.zz...
* Connection timed out
* Failed connect to <OneClick_FQDN>:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to <OneClick_FQDN>:443; Connection timed out

# nc -z -v <OneClick_FQDN> 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.xx.yy.zz:80.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.

# nc -z -v <OneClick_FQDN> 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.

Open port 443 between the DA and the OneClick host on the firewall.