The following error appears when trying to attach files to a ticket in CA Service Desk Manager using IIS with SSL:
"Unable to connect make sure servlet server is correct and Tomcat is up and running."
CA Service Desk Manager 14.1 and higher
All Supported Windows Operating Systems
The SSL certificates used by IIS and Tomcat are different and need to be the same.
Follow the steps below to export the certificate from IIS and configure in Tomcat:
1. Export the certificate from IIS
IIS 7 and later
IIS 6
2. Configure TOMCAT to use the exported SSL certificate:
Make a copy of the file NXROOT\bopcfg\www\CATALINA_BASE\conf\server.xml and then open the file using a text editor.
Locate the following line:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
-->
Change it as follows:
NOTE: Be sure to remove the <!-- and --> markers that currently comment out the HTTPS/SSL connector for Tomcat, and set the appropriate path and password for the SSL certificate.
<Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" clientAuth="false" keystoreFile="C:\keystore\sdm.pfx" keystorePass="YOURPASSWORD" keystoreType="PKCS12" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
3. Repeat the same steps on all CA SDM application/secondary servers.
4. Restart CA SDM services
5. Configure CA SDM to use the SSL server URL via ADMINISTRATION TAB->SYSTEM->SERVERS
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" -
keystoreType="PKCS12" - this allows Tomcat to read the SSL certificate exported from IIS.
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" - this attribute limits the connector to the listed TLS versions, so SSLv3 and earlier are not offered, which prevents a known vulnerability.
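A check that can be run against a copy of server.xml after the edit in step 2, as an added example (not CA code): it reports a connector that is still commented out, a keystore type other than PKCS12, the placeholder password, whitespace inside a cipher name, and any SSL protocol left enabled. The function name audit_connector and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not a real server.xml): the connector from this page with
# three typical mistakes: no keystoreType, placeholder password, and a cipher
# name split by a stray space.
SAMPLE = """<Server><Service name="Catalina">
<!-- <Connector port="8443" SSLEnabled="true" scheme="https" /> -->
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
  keystoreFile="C:\\keystore\\sdm.pfx" keystorePass="YOURPASSWORD"
  ciphers="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256"
  sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
</Service></Server>"""


def audit_connector(xml_text, port="8443"):
    """Return a list of findings for the HTTPS Connector on the given port."""
    root = ET.fromstring(xml_text)  # the parser drops XML comments
    active = [c for c in root.iter("Connector") if c.get("port") == port]
    if not active:
        return ["no active Connector on port %s (still commented out?)" % port]
    conn, findings = active[0], []
    if conn.get("SSLEnabled", "").lower() != "true":
        findings.append("SSLEnabled is not true")
    if conn.get("keystoreType", "").upper() != "PKCS12":
        findings.append("keystoreType is not PKCS12")
    if not conn.get("keystoreFile"):
        findings.append("keystoreFile is not set")
    if conn.get("keystorePass") in (None, "", "YOURPASSWORD"):
        findings.append("keystorePass is missing or still the placeholder")
    # A space inside a cipher name makes that entry an unknown suite.
    for name in conn.get("ciphers", "").split(","):
        if re.search(r"\s", name.strip()):
            findings.append("cipher name contains whitespace: %r" % name.strip())
    protocols = [p.strip() for p in conn.get("sslEnabledProtocols", "").split(",")]
    if protocols == [""]:
        findings.append("sslEnabledProtocols is not set")
    findings += ["SSL protocol enabled: " + p
                 for p in protocols if p.upper().startswith("SSL")]
    return findings


if __name__ == "__main__":
    for finding in audit_connector(SAMPLE):
        print("FINDING:", finding)
```

An empty list means the connector passed every check; the script does not open the keystore or compare it with the certificate bound in IIS.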
See also KB Article 39849: Configure SDM with SSL when using IIS with SSL