CA Service Management mobile application does not list the PAM tasks assigned to users when PAM require SSL for access

book

Article ID: 35685

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

 

Issue/Problem/Symptoms:

 

When CA IT Process Automation (PAM) is configured to use SSL, configuring the options in option manager are not enough, and some additional steps are required to integrate with Service Desk. These additional steps are described in Implementation Guide (How to Enable Communications When CA Process Automation is SSL Enabled).

Those steps are basically import PAM certificates in Service Desk trusted certificate store.

 

Environment:  

 

Windows

Cause: 

CA Service Management mobile application on the other hand uses REST services to connect to PAM, hence, it may still not work, despite the steps described in the implementation guide were followed.

 

 

Resolution/Workaround:

 

To make sure REST services trust the PAM certificate, the certificate should be imported in Java trusted certificates store.

1. Backup the ...\CA\SC\JRE\1.7.0_10\lib\security\cacerts (this i very important!)
2. Open a cmd as administrator, move to ...\CA\SC\JRE\1.7.0_10\bin directory, and run

keytool.exe -keystore ..\lib\security\cacerts -importcert -alias itpam -file "\Program Files (x86)\CA\Service Desk Manager\bin\itpam.cer"

Notice the above line assume, the name of the pam certificate you use for SDM/PAM integration is named as itpam.cer, and the path to it correspond to the default SDM path. You may need to modify the path if you modified the steps described in Implementation Guide to import the PAM certificate in SDM trusted certificate store.
After execute the line you will be prompted to enter a password. Enter: changeit
-
3. Check the certificate was imported successfully running:
-
keytool.exe -keystore ..\lib\security\cacerts -alias itpam -list
-

   The above command line should list the itapm certificate.

   Again you will be prompted for a password. Enter: changeit

4. If the certificate was imported correctly, you may now recycle service desk, and after this the PAM task should be listed in CA Service Management Mobile application.

 Additional Information:

 

This procedure need to be done where REST and CA Mobile application is running.

This procedure should not be necessary in case PAM uses a certificate from Certificate Authority. In that case the root certificate should already exist in cacerts certificate repository

This procedure should be only necessary in case the certificate used by PAM is a self signed certificate.

This procedure has been successfully tested in R14.1, but it should apply to previous releases too.

IMPORTANT!!!

Make sure a reliable backup has been taken of cacerts file, BEFORE to proceed.

 

Environment

Release:
Component: SDINTE