
UCMDB Support Tip: Enabling SSL (HTTPS) for UCMDB

Steps for enabling SSL

  1. Enable SSL in JBoss
  2. Create a certificate and add it to the UCMDB server keystore (optional, if one already exists)
  3. Add the certificate to a client UCMDB (optional, only if the certificate is unsigned)

 

1.  Enabling SSL in JBoss

To enable SSL in JBoss, edit:

<UCMDB Server dir>\j2f\EJBContainer\server\mercury\deploy\jbossweb-tomcat55.sar\server.xml

and uncomment the Connector tag that starts after: <!-- SSL/TLS Connector

<Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/myKeystore"
           keystorePass="changeit" keyAlias="myCert"
           sslProtocol="TLS" />

The keystoreFile and keystorePass attributes must be set to the correct path of a Java keystore and to its password, respectively. If the keystore holds more than one certificate, the first one will be used. To choose a specific certificate, set the keyAlias attribute to the alias of that certificate. With the above settings, JBoss will look for the keystore in:

<UCMDB server dir>\j2f\EJBContainer\server\mercury\conf\myKeystore

 

2.  Creating a certificate

To create a new unsigned (self-signed) certificate:

Go to: <UCMDB server dir>\j2f\<JRE>\bin

Execute:

keytool -genkey -alias myCert -keyalg RSA -keystore <UCMDB server dir>\j2f\EJBContainer\server\mercury\conf\myKeystore

This generates the certificate and adds it to the keystore.

Export the certificate to a file:

keytool -export -alias myCert -keystore <UCMDB server dir>\j2f\EJBContainer\server\mercury\conf\myKeystore -file c:\myCert

 

3.  Adding the certificate to an additional (client) UCMDB (recommended)

It is also recommended to add the certificate to the UCMDB Java keystore (see above for exporting the certificate to a file).

Go to: <UCMDB server dir>\j2f\<JRE>\bin

Execute:

keytool -import -trustcacerts -alias myCert -keystore ..\lib\security\cacerts -file c:\myCert

The default keystore password is: changeit

 

Using an unsigned certificate

If the certificate is not signed by a known Certificate Authority (CA), for example Verisign or Thawte, then by default any Java-based program will refuse to connect to the web server. To allow, for example, a different UCMDB server's adapter to connect over SSL, you must add the certificate to the client UCMDB truststore (keystore).

Configuring the Soap-Adapter for SSL

Go to the Soap-Adapter configuration in the UI.

In the text box marked 'URL', enter only the word: https

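An added example (not part of the original tip, and not UCMDB or JBoss code): a small Python check for the Connector settings described under "Enabling SSL in JBoss". It reports when the HTTPS connector is still commented out, when keystorePass is left at changeit, and when keyAlias is omitted so that the first certificate in the keystore is used. The function name audit_ssl_connector and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the Connector shown in the tip (keyAlias omitted).
CONNECTOR = '''<Connector port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/myKeystore"
           keystorePass="changeit" sslProtocol="TLS" />'''
WRAP = "<Server><Service>%s</Service></Server>"
SAMPLE_COMMENTED = WRAP % ("<!-- SSL/TLS Connector\n" + CONNECTOR + "\n-->")
SAMPLE_ENABLED = WRAP % CONNECTOR

# Matches an HTTPS Connector that sits inside an XML comment.
COMMENTED_RE = re.compile(
    r'<!--(?:(?!-->).)*?<Connector\b[^>]*\bscheme\s*=\s*"https"', re.S)


def audit_ssl_connector(server_xml):
    """Return a list of findings for the HTTPS Connector in a server.xml string."""
    root = ET.fromstring(server_xml)  # the parser drops comments: only active tags remain
    https = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not https:
        if COMMENTED_RE.search(server_xml):
            return ["HTTPS connector is still commented out"]
        return ["no HTTPS connector defined"]
    findings = []
    for c in https:
        port = c.get("port", "?")
        if c.get("secure") != "true":
            findings.append(f"port {port}: secure is not 'true'")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        if c.get("keystorePass") in (None, "", "changeit"):
            findings.append(f"port {port}: keystorePass is missing or the default 'changeit'")
        if not c.get("keyAlias"):
            findings.append(f"port {port}: no keyAlias, the first certificate in the keystore is used")
    return findings


if __name__ == "__main__":
    for name, xml in (("commented", SAMPLE_COMMENTED), ("enabled", SAMPLE_ENABLED)):
        print(name, audit_ssl_connector(xml))
```

To check a real installation, pass the contents of server.xml from the jbossweb-tomcat55.sar directory to audit_ssl_connector.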