Issue
We have done the configurations for SPS ProxyUI as per the guideline given in the Secure Cloud 1.54 bookshelf.
When we tried accessing the URL provided in the guide, we got a message that the URL was unreachable.
When trying to access the URL with port 8080 and using http, we were able to access the URL.
We also checked the server.xml of the Tomcat webserver on the SPS server, and we found that port 8443 was SSL enabled and that all requests going to port 8080 should be redirected to 8443.
At the same time, it turned out that there is no process listening on port 8443 (netstat -an | grep 8443 returns nothing).
Environment:
CA Secure Cloud. All versions
Cause:
This may be due to a missing Tomcat keystore. If this is the case, the following message will be present in the nohup.out log of Tomcat on the SPS server:
Dec 01, 2015 11:20:47 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Failed to load keystore type JCEKS with path /opt/CA/secure-proxy/Tomcat/../SSL/keys/tomcat.keystore due to /opt/CA/secureproxy/Tomcat/../SSL/keys/tomcat.keystore (No such file or directory)
java.io.FileNotFoundException: /opt/CA/secure-proxy/Tomcat/../SSL/keys/tomcat.keystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
Resolution:
1. Run the following command:
"$OPENSSL" pkcs12 -export -in $SPS_HOME/SSL/certs/server.crt -inkey $SPS_HOME/SSL/keys/server.key -out serverkey.p12 -name cmcert -passout pass:$_cert_passwd
Here the standard locations and names are used, but you need to find out what those files are called in your installation, and which one is the private key and which one is its certificate, as they may not be the standard ones.
The name of the .p12 file can also be any name of your choice.
$_cert_passwd corresponds to the _cert_password value, which can be found in the properties.sh file of the latest upgrade. If properties.sh was already sourced or run at the beginning of the procedure, all environment variables will be set and the actual values need not be typed in, but make sure the variables are correctly set.
The command will also ask you for a passphrase: in general this is NOT _cert_passwd, but the password with which the private key was protected.
As a good practice, it is strongly advised to keep all certificates under the $SPS_HOME/SSL/cert directory and the keys under the $SPS_HOME/SSL/keys directory.
The alias (the -name given to openssl here, which becomes the -alias used by keytool in the next step) can also be anything. To keep things simple, assume it is called cmcert as in the example.
2. Now generate the keystore. In the same directory as serverkey.p12, run the following:
"$KEYTOOL" -importkeystore -deststorepass $_cert_passwd -destkeypass $_cert_passwd -destkeystore tomcat.keystore -srckeystore serverkey.p12 -srcstoretype PKCS12 -srcstorepass $_cert_passwd -alias cmcert
Same as before: if serverkey.p12 has a different filename, use the appropriate one, and use the actual values for _cert_passwd, etc. if these have not been defined as environment variables.
3. Restart the SPS services.
4. After the restart, Tomcat should be listening on port 8443 as well as on 8080, and the GUI should be accessible on port 8443.
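The following script is an added example and not part of the CA article: it wraps steps 1 and 2 with the checks a practitioner would want first, namely that the chosen key really belongs to the chosen certificate and that _cert_passwd is set before the keystore is built. OPENSSL, KEYTOOL and _cert_passwd are assumed to come from properties.sh as in the article; KEY_PASSPHRASE (the private key's own passphrase from step 1) and KEYSTORE_TYPE are names introduced here.

```shell
#!/bin/sh
# Added example, not from the CA article: pre-flight checks for steps 1 and 2.
# It verifies what the article says you must "figure out" before building
# tomcat.keystore: the key and certificate exist and belong together, and
# _cert_passwd is set. OPENSSL, KEYTOOL and _cert_passwd are assumed to come
# from properties.sh as in the article; KEY_PASSPHRASE (the private key's own
# passphrase, see step 1) and KEYSTORE_TYPE are names introduced here.

# key_matches_cert KEY CERT [KEYPASS] -> 0 if the RSA modulus in the private
# key equals the one in the certificate, 1 otherwise. A mismatch here is
# exactly the case where the wrong key was bundled with the certificate.
key_matches_cert() {
    key=$1; cert=$2; keypass=${3:-}
    [ -r "$key" ] && [ -r "$cert" ] || return 1
    k=$("${OPENSSL:-openssl}" rsa -noout -modulus -in "$key" \
            -passin "pass:$keypass" 2>/dev/null) || return 1
    c=$("${OPENSSL:-openssl}" x509 -noout -modulus -in "$cert" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# build_tomcat_keystore KEY CERT OUTDIR -> writes OUTDIR/serverkey.p12 and
# OUTDIR/tomcat.keystore (steps 1 and 2 of the article, alias cmcert).
# Returns 0 on success, 2 when a precondition fails, 3 when keytool is absent.
build_tomcat_keystore() {
    key=$1; cert=$2; out=$3
    [ -n "$_cert_passwd" ] || {
        echo "_cert_passwd is not set; source properties.sh first" >&2; return 2; }
    key_matches_cert "$key" "$cert" "${KEY_PASSPHRASE:-}" || {
        echo "$key is not the private key for $cert" >&2; return 2; }
    # Step 1: the key's own passphrase goes to -passin, _cert_passwd to -passout.
    "${OPENSSL:-openssl}" pkcs12 -export -in "$cert" -inkey "$key" \
        -passin "pass:${KEY_PASSPHRASE:-}" -out "$out/serverkey.p12" \
        -name cmcert -passout "pass:$_cert_passwd" || return 2
    command -v "${KEYTOOL:-keytool}" >/dev/null 2>&1 || {
        echo "keytool not found; run step 2 on the SPS host" >&2; return 3; }
    # Step 2. The SEVERE log line above shows Tomcat loading the keystore as
    # JCEKS; if server.xml sets keystoreType="JCEKS", set KEYSTORE_TYPE=JCEKS
    # so keytool writes that type instead of its default (-deststoretype is a
    # standard keytool option the article's command does not include).
    type_opt=""
    [ -n "${KEYSTORE_TYPE:-}" ] && type_opt="-deststoretype $KEYSTORE_TYPE"
    "${KEYTOOL:-keytool}" -importkeystore -deststorepass "$_cert_passwd" \
        -destkeypass "$_cert_passwd" -destkeystore "$out/tomcat.keystore" \
        -srckeystore "$out/serverkey.p12" -srcstoretype PKCS12 \
        -srcstorepass "$_cert_passwd" -alias cmcert $type_opt
}
```

After the restart in step 3, `netstat -an | grep 8443` (or `ss -ltn`) should now show the listener, and `keytool -list -keystore tomcat.keystore` should show the cmcert entry.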