integration between SDM and Service Catalog stops working after the upgrade to 17.4 RU2
Article ID: 367879
Updated On:
Products
CA Service Catalog
CA Service Desk Manager
CA Service Management - Service Desk Manager
Issue/Introduction
view.log shows the following error:
com.ca.usm.webservices.WebserviceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
Environment
SDM 17.4 RU2
Service Catalog 17.4 RU2
Cause
CXF web services client SDK is enforcing to have SAN details in the certificate to connect to any endpoint. SDM uses CXF client from 17.4 release and SLCM uses CXF client from 17.4 RU2 release. So when in these releases if the respective products try to connect to any endpoint for integration and if the used Self signed certificate in the target product does not have SAN details, integration fails
Resolution
In Service Catalog:
1. Regenerate a new custom key-store file for Service Catalog using the SAN details.
keytool -genkey -alias <aliasname> -keyalg RSA -keystore "<keystore path>" -ext san=dns:<Service Catalog Server hostname> By default, the validity of the certificate is 90 days. You can extend the certificate duration this using the -validity <number of days> parameter when creating the certificate.
2. After generating the above certificate Run the SSL Configurator Utility by keeping the above generated keystore in the Configurator Utility location and perform the Enable HTTPS for Service Management (Service Desk Manager, xFlow Interface, and Service Catalog) section to enable Https for Service Catalog.
3. Restart Service Catalog.
4. Open Service Catalog Web Interface and verify that the newly created certificate is reflected in the browser.
5. Export the certificate as catalog.crt format and save it.
6. Import the sdm.crt (created in step 5 below into Service Catalog java keystore)
keytool -importcert -file c:\sdm.crt -alias <aliasname> -keystore "C:\Program Files\CA\Service Catalog\embedded\jdk\lib\security\cacerts" (password of keystore is changeit)7. Restart Service Catalog after successful import.
In SDM:
1. Regenerate a new custom key-store file for SDM using the SAN details.
keytool -genkey -alias "itpam" -keyalg RSA -keystore "<keystore path>" -ext san=dns:<SDM Server hostname> By default, the validity of the certificate is 90 days. You can extend the certificate duration this using the -validity <number of days> parameter when creating the certificate.
2. After generating the above certificate Run the SSL Configurator Utility by keeping the above generated keystore in the Configurator Utility location and perform the Enable HTTPS for Service Management (Service Desk Manager, xFlow Interface, and Service Catalog) section to enable Https for SDM and xFlow .
3. Restart SDM and xFlow services.
4. Open the SDM web Interface and verify that the newly created certificate is reflected in the browser.
5. Export the certificate as sdm.crt and save it.
6. Import the catalog.crt (created in step 5 above into SDM java keystore)
keytool -importcert -file c:\catalog.crt -keystore "C:\Program Files (x86)\CA\SC\JRE\11.0.18\lib\security\cacerts" It will ask the password: changeit
keytool -importcert -file c:\catalog.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.18\lib\security\cacerts"
It will ask the password: changeit
7. Restart SDM services after successful import.
Verify SDM-Service Catalog integrations after performing the above steps by running any of the integration usecase.
Note: Make sure to have UI configurations done both in Service Catalog and SDM Administration sections to provide the HTTP configurations of respective products for integration.
Additional Information
Feedback
Yes
No
Powered by
