After the CAPM upgrade from 3.7.4 to 21.2.7, I noticed that if I go to the DA server at http://<DA_IP>:8581/rest/ I get:
I tested accessing that URL with curl directly on the DA node:
"curl -u admin -vk http://localhost:8581/rest"
[root@DA ~]# curl -u admin -v -s -k -X GET http://localhost:8581/rest/
Enter host password for user 'admin':
* About to connect() to localhost port 8581 (#0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8581 (#0)
* Server auth using Basic with user 'admin'
> GET /rest/ HTTP/1.1
> Authorization: Basic SDweqwfsfqweSDsssd8866=
> User-Agent: curl/7.29.0
> Host: localhost:8581
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Set-Cookie: JSESSIONID=node01q7etqwesvq1381sf7aomij216974.node0; Path=/; HttpOnly
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 367
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 Forbidden</title>
</head>
<body><h2>HTTP ERROR 403 Forbidden</h2>
<table>
<tr><th>URI:</th><td>/rest/</td></tr>
<tr><th>STATUS:</th><td>403</td></tr>
<tr><th>MESSAGE:</th><td>Forbidden</td></tr>
<tr><th>SERVLET:</th><td>RestServlet</td></tr>
</table>
</body>
</html>
* Connection #0 to host localhost left intact
In /opt/app/IMDataAggregator/apache-karaf-4.3.3/data/log/AuthenticationLog.log I see:
ERROR | 925756901-322120 | 2022-03-15T15:13:44,567 | AuthenticationLog | entication.impl.DaBaseServiceIml 306 | ager.core.authentication | | Basic authorization error - failed to contact sso service. The sso service may be down.
java.net.ConnectException: Connection refused (Connection refused)
Eventually I ran the SSL Health Check and saw that not all tests were passing:
[root@DA bin]# ./SslConfig
SSL Configuration
This utility allows you to check your SSL configuration and enable Performance Center to use SSL.
Preferred language
1 : English (US)
2 : Français
3 : 日本語
Select your preferred language: 1
Initializing application...
Options
1 : SSL Health Check
2 : Configure SSL
3 : Revert to Default Settings
4 : Import the Data Aggregator certificate
5 : Help
6 : Quit
Select your option: 1
SSL Health Check
Are you sure you want to perform an SSL Health Check [y/n]?: y
Performing SSL Health Check
============= Validating Single Sign On Settings =============
Validating Local Settings (Scheme)
Passed
Validating Local Settings (Port)
Passed
Validating Remote Settings (Scheme)
Critical: The value for the URL scheme for Single Sign On is not set to https
Run SsoConfig and set the Remote Value for the Single Sign On Scheme to https
Validating Remote Settings (Port)
Critical: The value for the port for Single Sign On is not set
Run SsoConfig and set the Remote Value for the Single Sign On Port to your desired port (For example: 8382)
Validating Local and Remote Settings (Port)
Critical: Local and remote Ports do not match
Typically the Local Override and Remote Value are the same. Run SsoConfig and set the values for the Single Sign On Port to your desired port (For example: 8382)
Validating start.ini Settings
Passed
Validating ssl.ini Settings
Passed
Validating SSO Properties
Passed
Validating Settings in CAPerformanceCenter.xml
Critical: The entry SignInPageProductDefaultUrl port is incorrect in file /opt/CA/PerformanceCenter/sso/webapps/sso/configuration/CAPerformanceCenter.xml
Critical: The entry SingleSignOnWebServiceUrl port is incorrect in file /opt/CA/PerformanceCenter/sso/webapps/sso/configuration/CAPerformanceCenter.xml
Edit CAPerformanceCenter.xml in the Single Sign On webapps/sso/configuration directory. The Scheme values should be https. The Port values should be set to the Performance Center port (For example: 8182). If duplicates were found, they must be moved to a backup directory
Validating Settings in CADataAggregator.xml
Critical: The entry SingleSignOnWebServiceUrl port is incorrect in file /opt/CA/PerformanceCenter/sso/webapps/sso/configuration/CADataAggregator.xml
Edit CADataAggregator.xml in the Single Sign On webapps/sso/configuration directory. The SingleSignOnWebServiceUrl Scheme value should be https. The SingleSignOnWebServiceUrl Port value should be set to the Performance Center port (For example: 8182). The SignInPageProductDefaultUrl values should match your Data Aggregator scheme and port. If duplicates were found, they must be moved to a backup directory
Validating SSL Certificate
Passed
============= Validating Performance Center Settings =============
Validating Local Settings (Scheme)
Passed
Validating Local Settings (Port)
Critical: The value for the port for Performance Center is not set
Run SsoConfig and set the Local Override for the Performance Center Port to your desired port (For example: 8182)
Validating Remote Settings (Scheme)
Warning: The value for the URL scheme for Performance Center is not set to https
Run SsoConfig and set the Remote Value for the Performance Center Scheme to https
Validating Remote Settings (Port)
Warning: The value for the port for Performance Center is not set
Run SsoConfig and set the Remote Value for the Performance Center Port to your desired port (For example: 8182)
Validating Local and Remote Settings (Port)
Warning: Local and remote Ports do not match
Typically the Local Override and Remote Value are the same. Run SsoConfig and set the values for the Performance Center Port to your desired port (For example: 8182)
Validating start.ini Settings
Passed
Validating ssl.ini Settings
Critical: The entry jetty.ssl.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
Critical: The entry jetty.httpConfig.securePort is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
Critical: The entry jetty.https.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
Edit the Performance Center ssl.ini file in the start.d directory. Ensure the port entries match your Performance Center Port, the passwords match the password used to import the certificate, and the key and trust store paths point to your keystore
Validating SSL Certificate
Passed
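The health check output above can be reduced to a list of failing checks and the config entries they name, which is useful when comparing several nodes after an upgrade. The following is an added example, not part of the original article or of the product's tooling; the function names parse_health_check and files_to_fix are hypothetical, and the sample is an excerpt of the output shown above with the remediation lines shortened.

```python
import re

# Excerpt of the SslConfig health check output shown above (remediation lines shortened).
SAMPLE = """\
============= Validating Single Sign On Settings =============
Validating Remote Settings (Scheme)
Critical: The value for the URL scheme for Single Sign On is not set to https
Run SsoConfig and set the Remote Value for the Single Sign On Scheme to https
============= Validating Performance Center Settings =============
Validating Remote Settings (Port)
Warning: The value for the port for Performance Center is not set
Run SsoConfig and set the Remote Value for the Performance Center Port
Validating ssl.ini Settings
Critical: The entry jetty.ssl.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
Critical: The entry jetty.https.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
Edit the Performance Center ssl.ini file in the start.d directory
Validating SSL Certificate
Passed
"""

SECTION = re.compile(r"^=+\s*Validating (.+?) Settings\s*=+$")
FINDING = re.compile(r"^(Critical|Warning): (.+)$")
ENTRY = re.compile(r"The entry (\S+) .* in file (\S+)$")

def parse_health_check(text):
    """Return one dict per Critical/Warning line, with its section, check and fix hint."""
    findings, pending, section, check = [], [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, check, pending = m.group(1), None, []
        elif line.startswith("Validating "):
            check, pending = line[len("Validating "):], []
        elif (m := FINDING.match(line)) and check:
            e = ENTRY.search(m.group(2))
            pending.append(dict(section=section, check=check, severity=m.group(1), fix=None,
                                message=m.group(2), entry=e and e.group(1), file=e and e.group(2)))
            findings.append(pending[-1])
        elif line and line != "Passed":
            for f in pending:  # the hint line covers every finding of the current check
                f["fix"] = line
    return findings

def files_to_fix(findings):
    """Map each config file named in a finding to the sorted entries flagged in it."""
    out = {}
    for f in findings:
        if f["file"]:
            out.setdefault(f["file"], []).append(f["entry"])
    return {path: sorted(set(names)) for path, names in out.items()}
```

Menu and banner lines that precede the first "Validating" line are ignored, so the full captured SslConfig session can be passed in unchanged.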
Release : 21.2
Component : HTTPS configuration
Incomplete / faulty HTTPS configuration of CAPM nodes
How to run SSL Health Check: