Rest API SSL configuration

Article ID: 375238

Products

CA Service Management - Service Desk Manager

Issue/Introduction

When Service Desk, including the web interface, is used on the intranet only, you usually do not need to configure SSL for the web interface, because the intranet is considered fairly secure. However, if you have an external integration that calls the Rest API from the internet, you will want to configure SSL for Rest API consumption only. This article details the steps to accomplish that.

Environment

CA Service Desk 17.3 and higher versions

Resolution

Follow these steps:

  1. Generate a JKS file
    java-home\bin\keytool -genkey -alias sdmrest -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

  2. Generate a CSR file
    java-home\bin\keytool -certreq -alias sdmrest -keystore c:/certificates/keystore.jks -file servername.csr
    (Replace "servername" with the host name of the SDM server where you enable the Rest API. It is case sensitive.)
    Submit servername.csr to your vendor; the vendor will send you a certificate file, servername.cer.

  3. Import the certificate into the JKS file
    java-home\bin\keytool -importcert -file servername.cer -keystore keystore.jks -alias sdmrest

  4. Modify the server.xml file
    Back up the server.xml file in SDM-install-folder\bopcfg\www\CATALINA_BASE_REST\conf, then edit server.xml.
    Locate the following:

    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
    -->

    Add the following after the lines shown above:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\certs\keystore.jks"
    keystorePass="changeit"/>

    Save the change.
    Note: This assumes that the keystore.jks file is in C:\certs and that the password is changeit. Modify the keystoreFile and keystorePass values to match your keystore.

  5. Restart Rest Tomcat
    If Service Desk is not running, start Service Desk; if it is already running, run
    pdm_tomcat_nxd -c stop -t REST
    Wait for one or two minutes, then run
    pdm_tomcat_nxd -c start -t REST

  6. Make sure the Rest API is available via SSL
    From Chrome or another browser, enter
    https://sdm-servername:8443/caisd-rest/rest_access/?_wadl
    You should see the Rest API metadata.
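
A check for the server.xml edit in step 4, given here as an added example that is not part of the original article or of the product: it parses the file, ignores the commented-out template, and reports each active SSL connector with any missing keystore attribute or a keystorePass still set to the article's example value. The function name and the wrapper elements of the sample are assumptions; the connector attributes are the ones shown in step 4.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the step 4 fragment of server.xml, with the
# commented-out template plus the active connector (wrapper elements assumed).
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\certs\keystore.jks"
keystorePass="changeit"/>
</Service></Server>"""


def audit_ssl_connectors(server_xml):
    """Return a list of (port, findings) for every active SSL connector."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    results = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP or AJP connector, not part of this check
        findings = []
        if not conn.get("keystoreFile"):
            findings.append("no keystoreFile attribute")
        password = conn.get("keystorePass")
        if password is None:
            findings.append("no keystorePass attribute")
        elif password == "changeit":
            findings.append("keystorePass is the example value 'changeit'")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append("scheme/secure not set to https/true")
        results.append((conn.get("port"), findings))
    return results


if __name__ == "__main__":
    data = SAMPLE_SERVER_XML
    if len(sys.argv) > 1:  # optional: path to a real server.xml
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    for port, findings in audit_ssl_connectors(data):
        print(port, findings or "ok")
```

An empty result means no active SSL connector was found, for example because only the commented-out template is present.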

Additional Information

Your network team should open the Rest API port to the internet. In the example shown above it is 8443, but you can choose a different port.

SDM/sdm stands for Service Desk Manager.