How to configure Visualizer over SSL.

ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to configure Visualizer over SSL.

book

Article ID: 53193

calendar_today

Updated On:

Products

CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Description:

The following are steps to configure Visualizer over SSL. This is specific to CMDB r11.2. Additionally please contact CMDB support for obtaining a test fix.

Solution:

Create a security certificate issuing the following command:

D:\Program Files\CA\SharedComponents\*\jre\bin>
Keytool -genkey -alias tomcat -keyalg RSA -keystore D:\CA\CMDBKeystore

Enter keystore password: changeit
What is your first and last name?
[Unknown]: 10.8.0.244 (servername)
What is the name of your organizational unit?
[Unknown]: ITS
What is the name of your organization?
[Unknown]: State of North Carolina
What is the name of your City or Locality?
[Unknown]: Raleigh
What is the name of your State or Province?
[Unknown]: North Carolina
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=10.8.0.244, OU=ITS, O=State of North Carolina, L=Raleigh, ST=NC
laware, C=US correct?
[no]: yes

Enter key password for <tomcat>
(RETURN if same as keystore password): xxxxxxxxx
Export the Security Certificate

D:\Program Files\CA\SharedComponents\Unicenter Management Portal\jre\bin>
Keytool -export -alias tomcat -file D:\CA\CMDBcert -keystore D:\CA\CMDBKeystore
Enter keystore password: changeit
Certificate stored in file <D:\CA\CMDBcert>

Delete cacerts file from D:\Program~1\CA\SharedComponents\Unicent~1\jre\lib\security\cacerts
Import the Security Certificates

D:\Program Files\CA\SharedComponents\Unicenter Management Portal\jre\bin>
Keytool -import -alias tomcat -trustcacerts -file D:\CA\CMDBcert -keystore D:\Program~1\CA\
SharedComponents\Unicent~1\jre\lib\security\cacerts
Enter keystore password: changeit
Owner: CN=nocportaltest.ITS.state.NC.us, OU=ITS, O=State of North Carolina, L=Raleigh, S
T=North Carolina, C=US
Issuer: CN=nocportaltest.ITS.state.NC.us, OU=ITS, O=State of North Carolina, L=Raleigh,
ST=North Carolina, C=US
Serial number: 47878c70
Valid from: Fri Jan 11 10:34:08 EST 2008 until: Thu Apr 10 11:34:08 EDT 2008
Certificate fingerprints:
MD5: 94:E7:2A:6D:10:5D:92:F2:56:EB:BF:84:6E:D1:4D:B0
SHA1: 45:99:7A:EC:50:C2:33:C4:42:95:52:69:F0:51:59:3E:E0:CF:BA:36
Trust this certificate? [no]: yes
Certificate was added to keystore

copy cacerts to all JRE\*\lib\security folders

if you need to redo you must first delete old keystore with keytool -delete -keystore c:\keystore this will ask which alias.

Shutdown the CMDB/Visualizer

WARNING: You must make the Keystore password and Tomcat password the same.

Visualizer tomcat

C:\Program Files\CA\Shared Components\Tomcat\5.5.12\conf\server.xml    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->    <Connector port="9443" maxHttpHeaderSize="8192"           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"           enableLookups="false" disableUploadTimeout="true"           acceptCount="100" scheme="https" secure="true"           clientAuth="false" sslProtocol="TLS"            keystoreFile=" D:\CA\CMDBKeystore"            keystorePass="changeit"/>

Restart Visualizer service.

Configure over Mozilla Firefox (as shown in figure 1):

Figure 1: