Description:
The following steps configure Visualizer over SSL. They are specific to CMDB r11.2. Additionally, please contact CMDB Support to obtain a test fix.
Solution:
- Create a security certificate by issuing the following command:
D:\Program Files\CA\SharedComponents\*\jre\bin>
Keytool -genkey -alias tomcat -keyalg RSA -keystore D:\CA\CMDBKeystore
Enter keystore password: changeit
What is your first and last name?
[Unknown]: 10.8.0.244 (servername)
What is the name of your organizational unit?
[Unknown]: ITS
What is the name of your organization?
[Unknown]: State of North Carolina
What is the name of your City or Locality?
[Unknown]: Raleigh
What is the name of your State or Province?
[Unknown]: North Carolina
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=10.8.0.244, OU=ITS, O=State of North Carolina, L=Raleigh, ST=North Carolina, C=US correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): xxxxxxxxx
- Export the Security Certificate
D:\Program Files\CA\SharedComponents\Unicenter Management Portal\jre\bin>
Keytool -export -alias tomcat -file D:\CA\CMDBcert -keystore D:\CA\CMDBKeystore
Enter keystore password: changeit
Certificate stored in file <D:\CA\CMDBcert>
Delete cacerts file from D:\Program~1\CA\SharedComponents\Unicent~1\jre\lib\security\cacerts
- Import the Security Certificates
D:\Program Files\CA\SharedComponents\Unicenter Management Portal\jre\bin>
Keytool -import -alias tomcat -trustcacerts -file D:\CA\CMDBcert -keystore D:\Program~1\CA\SharedComponents\Unicent~1\jre\lib\security\cacerts
Enter keystore password: changeit
Owner: CN=nocportaltest.ITS.state.NC.us, OU=ITS, O=State of North Carolina, L=Raleigh, ST=North Carolina, C=US
Issuer: CN=nocportaltest.ITS.state.NC.us, OU=ITS, O=State of North Carolina, L=Raleigh, ST=North Carolina, C=US
Serial number: 47878c70
Valid from: Fri Jan 11 10:34:08 EST 2008 until: Thu Apr 10 11:34:08 EDT 2008
Certificate fingerprints:
MD5: 94:E7:2A:6D:10:5D:92:F2:56:EB:BF:84:6E:D1:4D:B0
SHA1: 45:99:7A:EC:50:C2:33:C4:42:95:52:69:F0:51:59:3E:E0:CF:BA:36
Trust this certificate? [no]: yes
Certificate was added to keystore
Copy cacerts to all JRE\*\lib\security folders.
If you need to redo this procedure, you must first delete the old keystore entry with keytool -delete -keystore c:\keystore. This will ask which alias to delete.
- Shutdown the CMDB/Visualizer
WARNING: You must make the Keystore password and Tomcat password the same.
Visualizer Tomcat configuration file: C:\Program Files\CA\Shared Components\Tomcat\5.5.12\conf\server.xml
<!-- Define a SSL HTTP/1.1 Connector on port 9443 -->
<Connector port="9443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\CA\CMDBKeystore" keystorePass="changeit"/>
Restart Visualizer service.
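The following check is an added example, not part of the original CA procedure: it parses a Tomcat server.xml and reports problems with the SSL connector attributes used above. The sample XML is constructed, modelled on the connector in this procedure with a leading space in keystoreFile of the kind copy-paste introduces; the finding codes and the decision to flag the default password "changeit" are this example's own assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not a real server.xml): an HTTPS connector with a
# leading space in keystoreFile and the keytool/Tomcat default password.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="9443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile=" D:\CA\CMDBKeystore"
             keystorePass="changeit" />
</Service></Server>"""


def check_ssl_connectors(server_xml):
    """Return (port, code, detail) findings for each HTTPS connector."""
    connectors = [c for c in ET.fromstring(server_xml).iter("Connector")
                  if c.get("scheme") == "https"]
    if not connectors:
        return [(None, "no-ssl-connector", "no Connector has scheme=https")]
    findings = []
    for conn in connectors:
        port = conn.get("port")
        if conn.get("secure") != "true":
            findings.append((port, "not-secure", "secure must be 'true'"))
        if not conn.get("sslProtocol"):
            findings.append((port, "no-protocol", "sslProtocol is not set"))
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "keystore-default",
                             "Tomcat falls back to .keystore in the user home"))
        elif keystore != keystore.strip():
            findings.append((port, "keystore-whitespace",
                             "path %r has stray whitespace" % keystore))
        if conn.get("keystorePass") in (None, "changeit"):
            findings.append((port, "default-password",
                             "keystorePass is the default 'changeit'"))
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            xml_text = handle.read()
    else:
        xml_text = SAMPLE_SERVER_XML
    for port, code, detail in check_ssl_connectors(xml_text):
        print("port %s: %s (%s)" % (port, code, detail))
```

An empty result means the connector passed these checks; it does not confirm that the keystore file exists or that the password opens it.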
Configure over Mozilla Firefox (as shown in figure 1):
Figure 1:
<Please see attached file for image>

Click "Add Exception" as shown in Figure 2.
Figure 2:
<Please see attached file for image>

Select "Get Certificate" as shown in Figure 3.
Figure 3:
<Please see attached file for image>

Click "Confirm Security Exception" as shown in Figure 4.
Figure 4:
<Please see attached file for image>

Configure over IE as shown in Figure 5:
Figure 5:
<Please see attached file for image>

Select "Install Certificate" and this will bring up the Certificate Import Wizard as shown in Figure 6.
Select "Next".
Figure 6:
<Please see attached file for image>

Select "Automatically select the certificate store based on the type of certificate" as shown in Figure 7.
Figure 7:
<Please see attached file for image>

Select "Next" to reach the "Completing the Certificate Import Wizard" page as shown in Figure 8, then select "Finish".
Figure 8:
<Please see attached file for image>

You should see a prompt similar to what is shown in Figure 9.
Figure 9:
<Please see attached file for image>

Figure 10 shows the "The import was successful" prompt.
Figure 10:
<Please see attached file for image>

Figure 11 shows a sample of a Security Alert you may see.
Figure 11:
<Please see attached file for image>

In addition to this certificate import, a test fix should also be applied to the system. Please contact the CMDB Support team to obtain the test fix for CMDB r11.2.