How to Configure Support Automation to use SSL

Article ID: 48608

Updated On:

Products

CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager

Issue/Introduction

Description:

It may be required to configure Support Automation to include an SSL certificate for additional security. The following steps give an example of how to configure Support Automation for SSL using a keystore file.

Solution:

  1. To begin, you must generate a keystore file. To do this, open a command prompt, change directories to the JRE install location (typically a path like "C:\Program Files (x86)\CA\SC\JRE\1.6.0_30") and enter the following command:

          bin\keytool -genkey -alias tomcat -keyalg RSA

    Populate the information accordingly. It is important that for "First and last name" you enter the server host name. The default password is "changeit".

    Note: You can enter a password other than the default one. For more information, see your Tomcat documentation.

    A .keystore file is created by default in the home directory of the logged in user. You can specify a different location during .keystore file generation. On UNIX, make sure that the directory in which you generate the .keystore file has sufficient permissions for CA Service Desk Manager access.

    Note: For more about specifying a different .keystore file location, see your Tomcat documentation.

    Once the keystore is generated it should be moved to a central location, perhaps to the root of a drive, or to a directory that is accessible outside of the user's home directory.

  2. Once the keystore file is generated, the server.xml associated with Support Automation must be edited to include the keystore information and to enable SSL. Edit the server.xml located at:

    NX_ROOT\bopcfg\www\CATALINA_BASE_SA\conf\server.xml

    Find the section similar to:

        <!--
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
        -->

    The section should be edited to look like:

        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="<keystoreFilePath>\.keystore" />

    Note: Validate the port being specified is not currently in use.

    "<keystoreFilePath>" must point directly to the location where the keystore file is located.

  3. On the Support Automation Main Server, open the server.properties located in "NX_ROOT\bopcfg\www\CATALINA_BASE_SA\webapps\SupportAutomation\WEB-INF\classes\config" and change the following attribute values appropriately:

    1. UrlPort: 8443 (Note: The port should match the one given in step 2 in the server.xml.)

    2. UrlProtocol: https

  4. Log in to CA Service Desk Manager with an account that has Administration rights and access the Administration tab, then go to "Options Manager" and "Support Automation". Find the "supportautomation_url" value and change it to:

    https://<serverHostName>:<8443>/SupportAutomation

    Note: "serverHostName" should be replaced with your server hostname.

    Port should match the one given in step 2 in the server.xml.

  5. Restart the SDM service.

  6. (Optional) If you are accessing CA Service Desk Manager with Internet Explorer, and Windows Server 2003 is configured for SSL, the browser requires additional configuration. In Internet Options, on the Advanced tab, clear the following options in the Security section:

    1. Check for server certificate revocation (requires restart)

    2. Do not save encrypted pages to disk

    3. After restarting the browser, you can access the CA Service Desk Manager via the SSL-enabled Tomcat server.

    4. Client (Browser) side:

      If, while launching the SA Analyst and SA End User, you get an error like "To help protect your security, Internet Explorer has blocked this website from displaying content with security certificate errors. click here for options..." on the client machine, continue with the following steps.

    5. Click on the Certificate Error link beside the URL box in the IE browser and click on the "View Certificates" link.

    6. Click on the "Install Certificate..." button in the Certificate window.

    7. Click on the "Next" button in the Certificate Import Wizard window.

    8. Select the "Place all certificates in the following store" radio button, use the "Browse..." button to select the "Trusted Root Certification Authorities" folder, and click on the "Next" button in the Certificate Import Wizard window.

    9. Click on the "Finish" button in the Certificate Import Wizard window.

    10. Click on the "Yes" button in the Security Warning window.

    11. The message "The import was successful." is displayed with an OK button in the Certificate Import Wizard window. Click on the "OK" button.

    12. Click on the "OK" button in the Certificate window.

    13. SA Analyst and SA End user should be launched without any errors.

    14. Once import is successful restart the browser and attempt to launch the session again.
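
Steps 2 to 4 put the same port and the https scheme in three places (server.xml, server.properties and supportautomation_url), and a mismatch or a Connector left inside the XML comment breaks the setup. The following consistency check is an added example, not part of the original article or of CA tooling; the sample host name, keystore path and the `key: value` layout of server.properties are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample values, not taken from a real installation.
SERVER_XML = r'''<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\keystores\.keystore" />
</Service></Server>'''
SERVER_PROPERTIES = "UrlPort: 8443\nUrlProtocol: https\n"
SA_URL = "https://sdmhost.example.com:8443/SupportAutomation"


def parse_properties(text):
    """Parse 'key: value' / 'key=value' lines (assumed format), skipping comments."""
    pairs = (re.match(r"\s*([^#!:=\s]+)\s*[:=]\s*(.*?)\s*$", ln)
             for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}


def check_ssl_settings(server_xml, properties_text, sa_url):
    """Return a list of mismatches between the settings edited in steps 2 to 4."""
    # ElementTree drops XML comments, so a Connector still inside <!-- --> is not seen.
    ssl = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ["server.xml: no active Connector with SSLEnabled=true"]
    port, problems = ssl[0].get("port"), []
    if not ssl[0].get("keystoreFile"):
        problems.append("server.xml: keystoreFile is not set")
    props = parse_properties(properties_text)
    if props.get("UrlPort") != port:
        problems.append(f"server.properties: UrlPort is not {port}")
    if props.get("UrlProtocol", "").lower() != "https":
        problems.append("server.properties: UrlProtocol is not https")
    url = urlsplit(sa_url)
    try:
        url_port = str(url.port)
    except ValueError:  # non-numeric port in the URL
        url_port = None
    if url.scheme != "https" or not url.hostname or url_port != port:
        problems.append(f"supportautomation_url: expected https://<host>:{port}/...")
    return problems


if __name__ == "__main__":
    print(check_ssl_settings(SERVER_XML, SERVER_PROPERTIES, SA_URL) or "consistent")
```

To use it on a real system, read the two files and the Options Manager value into the three arguments; an empty list means the settings agree.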

Environment

Release:
Component: SBAUTO