eHealth SPECTRUM SSL setup error (Legacy KB ID CNC TS27746 )

Document ID : KB000051752
Last Modified Date : 14/02/2018
Show Technical Document Details
Steps to resolve issues with the eHealth/SPECTRUM integration using SSL

  The steps below will resolve issues with obtaining SPECTRUM discovery information from a secure OneClick server.  The integration utilities require a higher version of the Java Runtime Environment than what is delivered with eHealth 6.0.  Also, several files must be patched to support this configuration. 

  The remainder of the integration features should be operational by following the instructions in the integration documentation.

Notes: 
1.      All steps are to be performed on the eHealth server
2.      Hyphens in this document cannot be cut-and-paste into command prompts
3.      Solution is based on Windows, but can be applied to Unix
4.      References to the new JRE are based on installation in D:/Program Files/Java/jre1.5.0_15


Install a newer JRE

If JRE 1.5 or 1.6 is not installed on the eHealth server, please install one of those versions downloaded from /java.sun.com, do not install the new JRE in $NH_HOME/Jre 

Create the SPECTRUM_INT_JRE environment variable

Open the Windows Control Panel Open the System window Select the Advanced Tab Click the Environment Variables button In the System variables area, click the New button. Create a variable named SPECTRUM_INT_JRE and give it a value of D:/Program Files/Java/jre1.5.0_15 (the / is required, \ will not work) 

Patch the eHealth files


Create a backup directory.Copy the following files into the backup directory:
$NH_HOME/modules/spectrum/javaLibs/private/ehealthdisc.jar
$NH_HOME/bin/nhSpectrumSetup.sh
$NH_HOME/bin/sys/nhiSpectrumImport.sh


Extract the contents of the SPECTRUM_SSL_Patches.zip file to a new directory.  Copy the appropriate file from the new directory to the locations listed in steps 2a-2c. 


  Install the SSL Certificates

Obtain a file copy of each certificate in the certificate chain for the SPECTRUM OneClick server.  In Windows you can do this by:Open a IE browser and direct it to the secure SPECTRUM OneClick server you will be integrating with (https://<OneClick Server Name>)Double-click on the lock in the bottom bar of the browser.Click on the details tab.Click the Copy to File? button.Follow the default prompts and Save the file in DER encoded binary x.509 format.Click the Certification Path tabIf there are other certificates in the path select them and repeat steps c. through e. for each certificate saving each in its own file.Copy all certificate files from previous step to $SPECTRUM_INT_JRE using Windows Explorer.Open a new command prompt (locks in new environment variable) and execute the ?bash? command.cd "$SPECTRUM_INT_JRE"Install each certificate starting with the Root certificate using the following command:bin/keytool ?import ?v ?keystore lib/security/cacerts ?trustcacerts ?storepass changeit  ?file <certificate filename>  -alias <choosealiasname>.

Related Issues/Questions:
eHealth SPECTRUM SSL setup error 

Problem Environment:
Apache
eHealth 6.0

Additional Information:
Each file needs its own alias, if any of the certificates are already installed you can say no to the query regarding importing.


Configuring the integration


Change the NH_HTTP_PORT environment variable on the eHealth server to match the HTTPS port the server is running on.In the same bash prompt window execute the following:nhSpectrumSetup ?https truenhSpectrumSetup                                                              


     i.      Configure the remaining values using the fully-qualified domain name for the OneClick server. 
     ii.      Click the OK button to verify the connection.


If the verification succeeds, restart the eHealth60 service to lock in the new environment variable. 

Test discovery

If you have not already done so, create a Global Collection in SPECTRUM and add devices to it.Open the eHealth discovery console and configure a discovery mode.Select SPECTRUM Import and your Global Collection of interest.Click the Discover button.Verify discovery completes as expected. 


Recommended SPECTRUM OneClick modifications


Report launches may cause web browsers to mention security warnings about mismatching certificates.  This is because the eHealth server?s IP address is used in the URL and the certificate uses a fully qualified domain name.  Follow these steps to resolve this issue:


Customize the mapping-overrides.xml file by copying it from the $SPECROOT/tomcat/webapps/spectrum/WEB-INF/ehlth/config directory to the $SPECROOT/custom/ehlth/config directoryAdd a landscape-override setting to the custom file that replaces the IP address of the server with the fully qualified domain name  Save the file and click the Update Landscape Overrides button on the eHealth configuration pageRestart any existing OneClick clients.


(Legacy KB ID CNC TS27746 )