Highlighted
Visitor.
1021 views

UCMDB10.10 Java API - how to connect via https

Hi experts,

I'm buildng java sdk client.

Can someone please post an example how to make connection to UCMDB server using https.
API provides UcmdbServiceFactory.initSSL method as well as UcmdbServiceFactory.DefaultTruststoreManger class but from Java API documentation and Hardening Guide it is not clear how to it should work end to end.


Regards

Tags (1)
0 Likes
3 Replies
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: UCMDB10.10 Java API - how to connect via https

SSL connection in any Java applications is covered on JVM level.

Please export certificate from UCMDB server (the process covered in Hardening guide in probe section).

Import it according to guidelines from http://javacolors.blogspot.com/2012/05/how-to-register-ssl-certificates-in.html Step 2.

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
Highlighted
Visitor.

Re: UCMDB10.10 Java API - how to connect via https

Followed the instructions from the Hardening Guide sec."Enable Mutual Certificate Authentication for SDK".

 

In step 2 "Make sure the JRE that runs the UCMDB-API client has a keystore containing a client certificate." generated  selfsigned certificate on my sdk client machine using

keytool -genkey -alias ucmdb-api -keyalg RCA -keystore <my java client path>\conf\security\keystore.jks

 

Executed steps 3-7.

 

In my java sdk client I do:

 

System.setProperty("javax.net.ssl.keyStore", <my java client path>\conf\security\keystore.jks);
System.setProperty("javax.net.ssl.keyStorePassword", <MyKeystorePassword>);
System.setProperty("javax.net.ssl.trustStore", <my java client path>\conf\security\cacerts; ## imported UCMDB certificate into this store in step 6
System.setProperty("javax.net.ssl.trustStorePassword", <MyTruststorePassword>);


UcmdbServiceFactory.initSSL();

UcmdbServiceProvider provider = UcmdbServiceFactory.getServiceProvider
("https", <SOME_HOST_NAME>, 8444);

UcmdbService ucmdbService = provider.connect(provider.createCertificateCredentials(<my java client path>\conf\security\keystore.jks, <MyKeystorePassword>),
provider.createClientContext("My App"));

 

The client failed with authentication failure exception.

Found NullPointerExcception in ucmdb-api log in UCMDB server.

 

Not sure what should I pass to createCertificateCredentials - keystore of truststore? Tried both - failed. Password authentication works fine.

 

Any advice please?

Did anyone get it working?

Is selfsigned certificates supported?

Can anyone share code sample?

 

Tia for your help

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: UCMDB10.10 Java API - how to connect via https

I'd suggets raising the support case to get educated answer from R&D.

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.