How to configure Visualizer over SSL.

Document ID : KB000053193
Last Modified Date : 14/02/2018

Description:

The following steps configure Visualizer over SSL. They are specific to CMDB r11.2. In addition, please contact CMDB Support to obtain a test fix.

Solution:

  1. Create a security certificate by issuing the following command:

    D:\Program Files\CA\SharedComponents\*\jre\bin>
    Keytool -genkey -alias tomcat -keyalg RSA -keystore D:\CA\CMDBKeystore

    Enter keystore password: changeit
    What is your first and last name?
    [Unknown]: 10.8.0.244 (servername)
    What is the name of your organizational unit?
    [Unknown]: ITS
    What is the name of your organization?
    [Unknown]: State of North Carolina
    What is the name of your City or Locality?
    [Unknown]: Raleigh
    What is the name of your State or Province?
    [Unknown]: North Carolina
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=10.8.0.244, OU=ITS, O=State of North Carolina, L=Raleigh, ST=North Carolina, C=US correct?
    [no]: yes

    Enter key password for <tomcat>
    (RETURN if same as keystore password): xxxxxxxxx

  2. Export the Security Certificate

    D:\Program Files\CA\SharedComponents\Unicenter Management Portal\jre\bin>
    Keytool -export -alias tomcat -file D:\CA\CMDBcert -keystore D:\CA\CMDBKeystore
    Enter keystore password: changeit
    Certificate stored in file <D:\CA\CMDBcert>

    Delete cacerts file from D:\Program~1\CA\SharedComponents\Unicent~1\jre\lib\security\cacerts

  3. Import the Security Certificates

    D:\Program Files\CA\SharedComponents\Unicenter Management Portal\jre\bin>
    Keytool -import -alias tomcat -trustcacerts -file D:\CA\CMDBcert -keystore D:\Program~1\CA\SharedComponents\Unicent~1\jre\lib\security\cacerts
    Enter keystore password: changeit
    Owner: CN=nocportaltest.ITS.state.NC.us, OU=ITS, O=State of North Carolina, L=Raleigh, ST=North Carolina, C=US
    Issuer: CN=nocportaltest.ITS.state.NC.us, OU=ITS, O=State of North Carolina, L=Raleigh, ST=North Carolina, C=US
    Serial number: 47878c70
    Valid from: Fri Jan 11 10:34:08 EST 2008 until: Thu Apr 10 11:34:08 EDT 2008
    Certificate fingerprints:
    MD5: 94:E7:2A:6D:10:5D:92:F2:56:EB:BF:84:6E:D1:4D:B0
    SHA1: 45:99:7A:EC:50:C2:33:C4:42:95:52:69:F0:51:59:3E:E0:CF:BA:36
    Trust this certificate? [no]: yes
    Certificate was added to keystore

    Copy cacerts to all JRE\*\lib\security folders.

    If you need to redo this, you must first delete the old keystore with keytool -delete -keystore c:\keystore (this will ask which alias).

  4. Shut down the CMDB/Visualizer

    WARNING: You must make the Keystore password and Tomcat password the same.

    Visualizer Tomcat:
    C:\Program Files\CA\Shared Components\Tomcat\5.5.12\conf\server.xml

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="9443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\CA\CMDBKeystore"
               keystorePass="changeit"/>

    Restart Visualizer service.
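
The following check is an added example, not part of the original article or the product's own code: it parses a server.xml and reports HTTPS Connector settings to correct before the service is restarted, such as the default keystore password or stray whitespace in keystoreFile. The sample XML, the placeholder password and the audit_connectors function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the step 4 Connector; not a real server.xml.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="9443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile=" D:\CA\CMDBKeystore"
             keystorePass="changeit"/>
  <Connector port="8080"/>
</Service></Server>"""

# Hypothetical corrected form: trimmed path, site-specific password placeholder.
HARDENED_SERVER_XML = SAMPLE_SERVER_XML.replace('" D:', '"D:').replace(
    'keystorePass="changeit"', 'keystorePass="REPLACE-WITH-SITE-SECRET"')

DEFAULT_PASS = "changeit"  # well-known default for Java keystores and Tomcat


def audit_connectors(xml_text):
    """Return (port, finding) tuples for each HTTPS Connector in server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme", "http").lower() != "https":
            continue  # not an SSL connector, nothing to check here
        port = conn.get("port", "?")
        ks_file = conn.get("keystoreFile")
        ks_pass = conn.get("keystorePass")
        if ks_file is None:
            findings.append((port, "keystoreFile missing: Tomcat falls back "
                                   "to .keystore in the service user's home"))
        elif ks_file != ks_file.strip():
            findings.append((port, "keystoreFile has leading/trailing whitespace"))
        # An omitted keystorePass also means 'changeit' (Tomcat's default).
        if ks_pass is None or ks_pass == DEFAULT_PASS:
            findings.append((port, "keystorePass is the default 'changeit'"))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, 'scheme is https but secure is not "true"'))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

If the password is changed in server.xml, the keystore password has to be changed to match, as the warning in step 4 requires.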

Configure over Mozilla Firefox (as shown in figure 1):

Figure 1:

Click Add Exception as shown in Figure 2.

Figure 2:

Select Get Certificate as shown in Figure 3.

Figure 3:

Click on Confirm Security Exception as shown in Figure 4.

Figure 4:

Configure over IE as shown in Figure 5:

Figure 5:

Select "Install Certificate" and this will bring up the Certificate Import Wizard as shown in Figure 6.
Select "Next".

Figure 6:

Select "Automatically select the certificate store based on the type of certificate" as shown in Figure 7.

Figure 7:

Select "Next" to reach the "Completing the Certificate Import Wizard" page as shown in Figure 8, then select "Finish".

Figure 8:

You should see a prompt similar to what is shown in Figure 9.

Figure 9:

Figure 10 shows the "The import was successful" prompt.

Figure 10:

Figure 11 shows a sample of a Security Alert you may see.

Figure 11:

In addition to this certificate import, a test fix should also be applied to the system. Please contact the CMDB Support team to obtain the test fix for CMDB r11.2.