server.xml SSL Visualizer configuration

Article ID: 258801

Products

CA Service Desk Manager

CA Service Management - Service Desk Manager

Issue/Introduction

A CA Service Desk Servlet Error message is received after installing Visualizer when attempting to open Visualizer from a CI Details page or directly from the URL. This is the first attempt to install Visualizer; it has not been installed in the past.

URLs have been modified to use HTTPS and port 8443.

Environment

Release: 17.3 or higher

CA Service Desk Manager - CMDB Visualizer

Resolution

Please use the following template when modifying the server.xml to configure Visualizer for SSL:

    <Connector SSLEnabled="true" maxThreads="200" port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation">
      <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA" honorCipherOrder="true" protocols="TLSv1.2" sslProtocol="TLSv1.2">
        <Certificate certificateKeyAlias="CERTIFICATE-ALIAS" certificateKeystoreFile="D:\KEYSTORE.pfx" certificateKeystorePassword="KEYSTOREPASSWORD" certificateKeystoreType="PKCS12"/>
      </SSLHostConfig>
    </Connector>

You will need to place your SSL certificate in a keystore file ("D:\KEYSTORE.pfx" in the above example), define the keystore password ("KEYSTOREPASSWORD" in the above example), and define a specific alias for that SSL keystore ("CERTIFICATE-ALIAS" in the above example).

Most SDM installs allocate port 8443 to the Service Desk Tomcat when it also runs SSL, so change the Visualizer port to avoid a port conflict; "9443", as in the above example, is commonly used.
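The template's cipher list mixes forward-secret GCM suites with CBC-mode suites, static-RSA suites and one 3DES suite, and it keeps the keystore password in the file itself. The following Python check is an added example, not part of the original article or the product: it parses a server.xml and reports those points plus a port clash with the SDM Tomcat. The function names and the shortened sample connector are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: shortened copy of the connector template (placeholders kept).
SAMPLE = r'''<Server><Service name="Catalina">
<Connector SSLEnabled="true" port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol">
 <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA" protocols="TLSv1.2">
  <Certificate certificateKeystoreFile="D:\KEYSTORE.pfx" certificateKeystorePassword="KEYSTOREPASSWORD"/>
 </SSLHostConfig>
</Connector></Service></Server>'''

def classify(cipher):
    """Weakness labels for one JSSE cipher suite name (empty list = none found)."""
    issues = []
    if "3DES" in cipher:
        issues.append("3DES")
    if "_CBC_" in cipher:
        issues.append("CBC mode")
    # TLS 1.2 names put the key exchange before _WITH_; static RSA has no (EC)DHE.
    if "_WITH_" in cipher and "DHE_" not in cipher:
        issues.append("no forward secrecy")
    return issues

def audit(xml_text, sdm_port="8443"):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port")
        if port == sdm_port:
            findings.append((port, "same port as SDM Tomcat"))
        for host in conn.iter("SSLHostConfig"):
            # Handles the comma-separated protocol list used in the template.
            for proto in host.get("protocols", "").split(","):
                if proto.strip().lstrip("+") not in ("", "TLSv1.2", "TLSv1.3"):
                    findings.append((port, "protocol " + proto.strip()))
            for cipher in host.get("ciphers", "").split(","):
                for issue in classify(cipher.strip()):
                    findings.append((port, cipher.strip() + ": " + issue))
            for cert in host.iter("Certificate"):
                if cert.get("certificateKeystorePassword"):
                    findings.append((port, "keystore password in cleartext"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(port, finding)
```

To check a real installation, pass the contents of the Visualizer server.xml to `audit()`; a cleartext password finding means the file's ACLs should be limited to the account that runs Tomcat.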

Additional Information

Visualizer and SDM Tomcat do not share the same Tomcat implementation and have their own separate server.xml files:

SDM Tomcat:  NX_ROOT\bopcfg\www\CATALINA_BASE\conf\server.xml

Visualizer Tomcat:  NX_ROOT\bopcfg\www\CATALINA_BASE_VIZ\conf\server.xml

KB Article 26867 describes how to restart Tomcat by itself without having to restart the SDM services.