Integration between Portal and Spectrum OneClick via HTTPS / SSL
search cancel

Integration between Portal and Spectrum OneClick via HTTPS / SSL

book

Article ID: 202451

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps CA Spectrum

Issue/Introduction

After enabling the SSL on the OneClick web server with a self-signed certificate, the Spectrum Data Source test fails in the Performance Management Portal.

 

These two files in the OneClick web server are properly configured:

$SPECROOT/tomcat/conf/server.xml file

$SPECROOT/tomcat/webapps/axis2/WEB-INF/conf/axis2.xml file

 

You can set either HTTP, or HTTPS, or both in the axis2.xml file: 

<transportReceiver name="http"
                       class="org.apache.axis2.transport.http.AxisServletListener">
                 <parameter name="port">8080</parameter>
</transportReceiver>

 <transportReceiver name="https"
                       class="org.apache.axis2.transport.http.AxisServletListener">
                 <parameter name="port">8443</parameter>
</transportReceiver>

 

Use ports 80 and 443 in the Windows environment.

Environment

Release : All Supported Releases

Component : IM Reporting / Admin / Configuration

Cause

The OneClick SSL certificates and any intermediate certificates have not been imported to the following file on the Performance Management Portal host: /opt/CA/jre/lib/security/cacerts.

Integrate CA Spectrum with CA Performance Management

Resolution

Here are the steps to export the OneClick SSL certificate from the OneClick web server machine:

1. On the OneClick server machine, open a bash shell (bash -login)

2. Navigate to the $SPECROOT/Java/bin/ directory

3. Run the following syntax:

$ ./keytool -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer    (Linux)

$ ./keytool.exe -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer    (Windows)

4. Enter the keystore password: (which is "changeit" without quotes)

5. The following message is displayed:

Certificate stored in file <OCServer.cer>

6. Copy the $SPECROOT/Java/bin/OCServer.cer file from the OneClick web server machine to the /opt/CA/jre/lib/security/ directory of the Performance Management Portal machine.

 

Here are the steps to import the OneClick SSL certificate on the Performance Management Portal machine:

7. On the Portal (Performance Management Portal) machine, navigate to the /opt/CA/jre/lib/security/ directory.

$ cd /opt/CA/jre/lib/security/

8. Make a backup/copy of the current /opt/CA/jre/lib/security/cacerts file.

$ cp cacerts cacerts.ori

9. Navigate to the /opt/CA/jre/bin/ directory.

$ cd /opt/CA/jre/bin/

10. Run the following command to import the OCServer.cer certificate into the cacerts file:

$ ./keytool -importcert -alias tomcatssl -file ../lib/security/OCServer.cer -keystore ../lib/security/cacerts

Supply the password "changeit" (without quotes)

Type yes to confirm.

 

11. Go to the Performance Management Portal and test the Spectrum Data Source with HTTPS.

12. Save the change.

Additional Information

Spectrum and Portal integration - Data source test failed, Communication with the data source failed

https://knowledge.broadcom.com/external/article?articleId=202988

 

axis2.xml format error "&gt;" breaks Netops Spectrum-NetOps Portal integration

https://knowledge.broadcom.com/external/article?articleId=221146

 

Troubleshooting (in case you get the following error in Spectrum Data Source test):

Error Message: Data Souce Test Failed

Communication with data source failed.

 

1. From a browser open the following URLs to check the axis2 service:

http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

2. From the PC host run the following curl syntaxes:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

Expected output:

< HTTP/1.1 200
< Content-Type: text/xml
< Transfer-Encoding: chunked
< Date: Fri, 08 Apr 2022 11:30:55 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive

3. Review the PCService.log file (/opt/CA/PerformanceCenter/PC/logs):

# cat PCService.log  | grep <OneClick_FQDN>

One example:

     | Test DataSource: Spectrum Infrastructure Manager@<OneClick_FQDN>
     | Received WebServiceException from version check for data source Spectrum Infrastructure Manager@<OneClick_FQDN>.  CAUSE=java.net.SocketTimeoutException: SocketTimeoutException invoking https://<OneClick_FQDN>:443/axis2/services/DataSourceWS: connect timedout. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result. 

4. Run the following curl and nc syntaxes on DA host:

# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl

# nc -z -v <OneClick_FQDN> 80
# nc -z -v <OneClick_FQDN> 443

Some examples:

# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
* About to connect() to example.net port 443 (#0)
*   Trying 10.xx.yy.zz...
* Connection timed out
* Failed connect to <OneClick_FQDN>:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to <OneClick_FQDN>:443; Connection timed out

# nc -z -v <OneClick_FQDN> 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.xx.yy.zz:80.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.

# nc -z -v <OneClick_FQDN> 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.

Open port 443 between DA and OneClick host on the firewall.

Powered by Wolken Software