SslConfig health check shows missing items from Event and Device Manager services

Article ID: 271284

Products

CA Performance Management Network Observability

Issue/Introduction

The DX NetOps Enable HTTPS for NetOps Portal documentation topic goes over SSL configurations.

We upgraded a Portal server that already had SSL configured on CA signed certificates. When running the SslConfig health check it reports issues with the Event Manager and Device Manager services SSL configurations.

How do we fix this, enabling SSL for those services, without disturbing the existing SSL configuration and certificates?

How do I configure HTTPS on Event Manager and Device Manager?

The SslConfig health check shows these messages in some sections of the output.

In the "============= Validating DX NetOps Portal Console Settings =============" section:

  Validating configuration file
      Critical: The entry dm.url is incorrect in file /opt/CA/PerformanceCenter/PC/webapps/pc/WEB-INF/cfg/portal.console.properties
         Ensure that the properties pc.protocol, pc.port, dm.url, and em.url in the portal.console.properties file are correct

In the "============= Validating Event Manager Settings =============" section:

   Validating configuration file
      Critical: The entry dm.url is incorrect in file /opt/CA/PerformanceCenter/EM/webapps/EventManager/WEB-INF/em.properties
         Ensure that the properties em.web.port, dm.url, and em.url in the em.properties file are correct
   Validating data_sources2 table
      Critical: The data source port and protocol in the mysql database do not match the configured values.
         Ensure that the EventManager datasource is registered properly in the DX NetOps Portal Console UI

In the "============= Validating Device Manager Settings =============" section:

   Validating Local Settings (DM Protocol)
      Critical: The value for the URL protocol for Device Manager is not set to https
         Run SsoConfig and set the Local Override for the Web Service Scheme to https
   Validating Local Settings (DM Port)
      Critical: The value for the port for Device Manager is not set
         Run SsoConfig and set the Local Override for the Web Service Port to your desired port (For example: 8482)
   Validating Remote Settings (Console Protocol)
      Warning: The value for the URL protocol for Device Manager is not set to https
         Run SsoConfig and set the Remote Value for the Web Service Scheme to https
   Validating Remote Settings (DM Port)
      Warning: The value for the port for Device Manager is not set
         Run SsoConfig and set the Remote Value for the Web Service Port to your desired port (For example: 8482)
   Validating Local and Remote Settings (DM Port)
      Warning: Local and remote Ports do not match
         Typically the Local Override and Remote Value are the same. Run SsoConfig and set the values for the Web Service Port to your desired port (For example: 8482)
   Validating ssl.ini Settings
      Critical: The entry jetty.ssl.port is incorrect in file /opt/CA/PerformanceCenter/DM/start.d/ssl.ini
      Critical: The entry jetty.httpConfig.securePort is incorrect in file /opt/CA/PerformanceCenter/DM/start.d/ssl.ini
      Critical: The entry jetty.https.port is incorrect in file /opt/CA/PerformanceCenter/DM/start.d/ssl.ini
         Edit the DM/start.d/ssl.ini file. Ensure the entry for --module=ssl, the port entries match your Device Manager Port, the passwords match the password used to import the certificate, and the key and trust store paths point to your keystore
   Validating configuration file
      Critical: The entry dm.port is incorrect in file /opt/CA/PerformanceCenter/DM/webapps/dm/WEB-INF/dm.properties
         Ensure that the properties dm.protocol, dm.port, and pc.url in the dm.properties file are correct
   Validating data_sources2 table
      Critical: The data source port and protocol in the mysql database do not match the configured values.
         Verify the port and protocol settings in the data_sources2 table

In the "============= Health Check Results =============" section we see:

All tests of the Single Sign On module succeeded.
DX NetOps Portal Console validation failure count: 1
Event Manager validation failure count: 2
Device Manager validation failure count: 8

Environment

DX NetOps Portal installations with HTTPS enabled that have been upgraded from release 22.2.7 or earlier to release 22.2.8 or newer

Cause

In 22.2.7 and earlier releases only Portal SSL was supported.

In 22.2.8, new features were added to enable SSL for the Event Manager and Device Manager services. This is done automatically when the SslConfig script is run to configure SSL.

If SslConfig was used in 22.2.7 or an earlier release, or SSL was configured manually, the Event Manager and Device Manager services are left in their HTTP configurations.

Resolution

To resolve this run the SslConfig script. Choose to configure SSL.

It will recognize that Portal is already properly configured with an existing SSL certificate. The DM and EM processes will use that same certificate already in place.

Confirm the ports for each service. The default recommendations per the documentation are:

  • Event Manager default of 8281 becomes 8282
  • Device Manager default of 8481 becomes 8482
  • For reference, the recommended Portal console service port is 8182 (non-SSL default 8181) and the recommended SSO service port is 8382 (non-SSL default 8381).

Processes will restart after the configuration is saved.

Run a new SSL Health Check afterwards with SslConfig. Confirm everything shows as passing.

Additional Information

The SslConfig run assumes the default name for the jetty keystore file of "keystore" in the installation path. If the keystore file has a different name, such as "keystore.ks", the ssl.ini files in each of the folders will require updates to reflect the correct keystore file name. If updating those files, ensure the services are restarted.
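
The ssl.ini findings from the health check and the keystore file name note above can be checked by hand with a read-only script like the following. It is an added example, not part of the product or of SslConfig. The keystore key names (jetty.sslContext.keyStorePath, jetty.sslContext.trustStorePath) are the stock Jetty names and the BASE directory argument is an assumption about how relative paths resolve in this installation.

```shell
#!/bin/sh
# Added example (not vendor code): read-only audit of one start.d/ssl.ini.
# Usage: sh check_ssl_ini.sh FILE PORT BASE
#   e.g. FILE=/opt/CA/PerformanceCenter/DM/start.d/ssl.ini PORT=8482
#   BASE is the directory relative keystore paths resolve against (assumption).

# ini_get FILE KEY: print the last uncommented value of KEY, empty if unset.
ini_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# check_ssl_ini FILE PORT BASE: print findings, return how many there were.
check_ssl_ini() {
    file=$1; port=$2; base=$3; bad=0
    grep -q -e '^[[:space:]]*--module=ssl' "$file" ||
        { echo "--module=ssl is missing or commented out"; bad=$((bad + 1)); }
    # The three port entries named by the health check must all match.
    for key in jetty.ssl.port jetty.httpConfig.securePort jetty.https.port; do
        val=$(ini_get "$file" "$key")
        [ "$val" = "$port" ] ||
            { echo "$key is '$val', expected $port"; bad=$((bad + 1)); }
    done
    # Stock Jetty key names; assumed to be the ones this product's file uses.
    for key in jetty.sslContext.keyStorePath jetty.sslContext.trustStorePath; do
        val=$(ini_get "$file" "$key")
        case $val in
            "") echo "$key is not set"; bad=$((bad + 1)); continue ;;
            /*) path=$val ;;
            *)  path=$base/$val ;;
        esac
        [ -r "$path" ] ||
            { echo "$key points to $path, which is not readable"; bad=$((bad + 1)); }
    done
    return "$bad"
}

if [ "$#" -eq 3 ]; then
    check_ssl_ini "$@"
    exit $?
fi
```

The script never reads or prints the keystore password entries; it only compares ports and tests that the configured store files are readable.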