Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
pxp3
pxp3 Absent Member.
Absent Member.
‎2015-01-29 23:08
1216 views

uCMDB Browser to uCMDB Server SSL not working

I am having issues configuring uCMDB Browser to uCMDB Server communication on https. Http works.

I have changed ucmdb_browser_config.xml to use https, with proper values for FQDN, and port

 

<ucmdb_configuration name="Server-1">

  <protocol>https</protocol>

  <host_name>FQDN or IP</host_name>

  <host_port>8080</host_port>

  <context_name>/</context_name>

 

I have uncommented SSL block in server.xml & SSL is enabled. SSL is definitely enabled as I can connect from browser to uCMDB Browser using https.

 

I have configured uCMDB Browser to read the keystore and truststore give file location and pass. I have given Full path to trusts store & key store file and password.

 

I have inserted our private rootCA & intermediate CA in both keystore and truststore as trusted CA's in these files (uCMDBBrowser.keystore, uCMDBBrowser.truststore).

 

When I list these file I see these private trusted CA certs listed.

 

My server.xml has below entry

 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

               maxThreads="150" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS"

               keystoreFile="uCMDBBrowser.keystore"  keystorepass = "somepass"

               truststoreFile= "uCMDBBrowser.trustStore" truststorepass = "somepass"/>

 

But I can’t get SSL working with uCMDBServer .

 

It says PKIX cert chain validation error .

 

I have checked forums and seen many articles describing Tomcat can't read configuered truststore and keystore . Hence, I have also tried importing these certs in %JAVA_HOME%/jre/lib/security/cacerts But that doesn’t work either.

 

Please advise how to configure uCMDB Browser to configure SSL

 

I have used following command to add cert in keystore & trustsore

 

keytool -importcert -file downloaded.cer -alias somealias -keystore keystore_file -storepass somepass

Please note we have RootCA , intermediate CA , and then host .

I have tried importing RootCA , intermidateCA and host (4 of them as we have load balancer with 4 uCMDB Servers), but still doesnt work.

 

I have created one cert with RootCA + intermidateCA and added that separately , still same error.

 

Our uCMDB Server when connected from browser on https has no error or warning . I have added the Root CA & intermediate CA in browser.

So definately its not issue with uCMDB Server certificate.

 

Please let us know what is configuration required  in uCMDB Browser to get it working?

Tags (1)
0 Likes
Reply
3 Replies
Loga001
Loga001
Visitor.
‎2015-01-29 23:35

Re: uCMDB Browser to uCMDB Server SSL not working

Hi,

 

Can you provide more details:

What versions are you using?

Are you running Win?

From the post I understoos that you are using Standalone UCMDB browser. Is it correct?

Did you onfigure HA mode for both the Browser and the UCMDB server?

 

Thanks.

0 Likes
Reply
AjitPrasad
Established Member.. AjitPrasad
Established Member..
‎2015-02-03 00:59

Re: uCMDB Browser to uCMDB Server SSL not working

Can you provide more details:

What versions are you using? Praveen :- 10.10

Are you running Win? Praveen : - Yes

From the post I understoos that you are using Standalone UCMDB browser. Is it correct?  Praveen Standalone , can you clarify on that ?

Did you onfigure HA mode for both the Browser and the UCMDB server? Praveen :-Yes. Both are on HA.

0 Likes
Reply
Craig Wilkinson
Absent Member.. Craig Wilkinson Absent Member..
Absent Member..
‎2016-03-18 11:13

Re: uCMDB Browser to uCMDB Server SSL not working

Did this get resolved? I have a customer in a similar position where everything uses CA certificates, everything works except Browser > UCMDB, i.e. Probe > UCMDB is fine using CA certs and users > Browser using CA certs works.

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.