Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..
480 views

https on webtier

Experts,

 

I am trying to setup https on webtier of HP SM . Securing the communication between the browser and the webserver is what I am trying to achieve.

 

After creating the keystore file using the keytool utility, I had modified the server.xml and WEB-INF/web.xml file as required.

 

1.

keytool -genkey -alias mkyong -keyalg RSA -keystore c:\mkyongkeystore

2.  Edited the server.xml as below

 

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              keystoreFile="/root/.keystore" keystorePass="your-key-password"
              clientAuth="false" sslProtocol="TLS" />

 3. web.xml in the web-inf folder is edited with securelogin setting to "true"

 

4. Restarted the tomcat services.

 

5. https://localhost:8443/sm9/index.do

     Got the login page, entered the username and the password, but it gave me 'Invalid login name and password'.

    If I blank out my password in the operator record, it logs me in.

 

 

Plz guide.

 

Thx

 

I am Listening..
0 Likes
9 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: https on webtier

I have this running in one of my environments and don't seem to experience that problem. However, your parameters are slighly different. Try changing the 'protocol' line in yours from "HTTP / 1.1' to "org.apache.coyote.http11.Http11Protocol". Below I've pasted mine so you can see how it looks:

 

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" keystoreFile="C:\Users\Administrator\tomcat.keystore" keystorePass="changeit" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="C:\Documents and Settings\hpservicemanager\.keystore" keystorePass="changeit"
protocol="org.apache.coyote.http11.Http11Protocol" scheme="https"
secure="true" sslProtocol="TLS" />

Created the keystore file again using keytool.

Modified the server.xml parameters as above.

In the web.xml of the webapps\web-inf folder, made securelogin to true.

 

In our test, I have set password for my ID, it doesn't allow me to login. Gives Invalid login.

If i clear my pwd, it allows me to login.

 

 

Allows me to login using both http & https. How do I revoke normal http access from browser ?

 

 

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

 

Created the keystore file again using keytool.

Modified the server.xml parameters as above.

In the web.xml of the webapps\web-inf folder, made securelogin to true.

 

In our test, I have set password for my ID, it doesn't allow me to login. Gives Invalid login.

If i clear my pwd, it allows me to login.

 

 

Allows me to login using both http & https. How do I revoke normal http access from browser ?

 

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxThreads="25" port="8443" keystoreFile="C:\Documents and Settings\hpservicemanager\.keystore" keystorePass="changeit" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" />

 

 

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

Spoiler
SEVERE: Servlet.service() for servlet HP Service Manager Web threw exception
java.lang.NullPointerException
at com.hp.ov.sm.client.webtier.WebController.init(WebController.java:602)
at com.hp.ov.sm.client.webtier.WebControllerServlet.initWebController(WebControllerServlet.java:633)
at com.hp.ov.sm.client.webtier.WebControllerServlet.login(WebControllerServlet.java:606)
at com.hp.ov.sm.client.webtier.WebControllerServlet.preprocessEventForInitiateSession(WebControllerServlet.java:940)
at com.hp.ov.sm.client.webtier.WebControllerServlet.process(WebControllerServlet.java:464)
at com.hp.ov.sm.client.webtier.WebControllerServlet.processHTTPRequest(WebControllerServlet.java:359)
at com.hp.ov.sm.client.webtier.WebControllerServlet.doPost(WebControllerServlet.java:323)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:286)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265)
at com.hp.ov.cwc.web.CacheControlFilter.doFilter(CacheControlFilter.java:70)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.compressionFilters.CompressionFilter.doFilter(CompressionFilter.java:203)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)

I get this null pointer exception after repeated tries.

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

I retried these steps once again, still I am unable to login if the user is having a password. If the user's pwd is kept blank, it logs in

C:\Program Files\Java\jre6\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
  [Unknown]:  www.xxx.com
What is the name of your organizational unit?
  [Unknown]:  xx
What is the name of your organization?
  [Unknown]:  xxx
What is the name of your City or Locality?
  [Unknown]:  YM
What is the name of your State or Province?
  [Unknown]:  YO
What is the two-letter country code for this unit?
  [Unknown]:  NO
Is CN=www.xxx.com, OU=SI, O=xx, L=YM, ST=YO, C=NO correct?
  [no]:  y
Enter key password for <tomcat>
        (RETURN if same as keystore password):
In the conf folder of Tomcat, edited the server.xml file as below
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
MaxThreads="150" SSLEnabled="true" keystoreFile="C:\Documents and Settings\user1\.keysto​re" keystorePass="changeit"
scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
In the webapps\web-inf\web.xml file, made secureLogin = true
I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

I dont see any error in sm.log

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

Experts,

 

Any help on this issue ?

 

Thank you

 

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

I have followed multiple changes, now

 

https://localhost:8443/SM9/index.do  -- brings me the web page

 

If i enter my username / pwd  and try to login, it says, Invalid login name and password.

If I enter any other user who doesnt have a username and password, it logs in.

 

Any ideas 

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: https on webtier

  4036(   516) 10/14/2015 11:41:24  RTE D Returning response: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><getLanguagesResponse attachmentCompressed="false" xmlns="http://servicecenter.peregrine.com/PWS"><model count="1" more="0" name="language" query="active=true" record="0" start="0"><keys><unique.id sctype="string">en</unique.id><sap.language sctype="string"/></keys><instance recordid="en - " uniquequery="unique.id=&quot;en&quot; and sap.language=NULL"><unique.id mandatory="true" type="string">en</unique.id><language mandatory="true" type="string">English</language><active type="boolean">true</active></instance></model></getLanguagesResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
  4036(   516) 10/14/2015 11:41:24  RTE D setResponseXml() entered: size = 676, response = <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><getLanguagesResponse attachmentCompressed="false" xmlns="http://servicecenter.peregrine.com/PWS"><model count="1" more="0" name="language" query="active=true" record="0" start="0"><keys><unique.id sctype="string">en</unique.id><sap.language sctype="string"/></keys><instance recordid="en - " uniquequery="unique.id=&quot;en&quot; and sap.language=NULL"><unique.id mandatory="true" type="string">en</unique.id><language mandatory="true" type="string">English</language><active type="boolean">true</active></instance></model></getLanguagesResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
  4036(   516) 10/14/2015 11:41:24  RTE D setResponseXml() finished
  4036(   516) 10/14/2015 11:41:24  RTE D requestProcessed() entered
  4036(   516) 10/14/2015 11:41:24  RTE D requestProcessed() finished
  4036(   516) 10/14/2015 11:41:24 JRTE I Termination signal: 0
  4036(   516) 10/14/2015 11:41:24  RTE I -Memory : S(435024) O(258188) MAX(1095196) - MALLOC's Total(3831)
  4036(   516) 10/14/2015 11:41:24  RTE I Thread termination in progress
  4036(   516) 10/14/2015 11:41:24  RTE D (0x1A05FCC0)      DBACCESS - Cache 

In the sm debug log, i see this

I am Listening..
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.