How to integrate CA Open Space with SSL enabled CA Service Desk Manager?

Document ID : KB000018833
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

SSL was enabled on CA Service Desk Manager Tomcat server, how to integrate CA Open Space with that SDM server?

Solution:

  1. From the CA Open Space server, open a Web browser and go the SSL enabled CA Service Desk Manager Web Services URL (eg https://server-name:8443/axis/services/USD_R11_WebService)

  2. Ensure there are no certificate errors using the above, if there are any certificate errors, work with your infrastructure administrator to resolve the same

  3. From the browser, export the https certificate and save it (say c:\sdm_tomcat_ssl.crt)

  4. Open a Command Prompt and set JAVA_HOME and append %JAVA_HOME%/bin to PATH by:

       set JAVA_HOME=D:\PROGRA~1\CA\OPENSP~1\OSOP\TOMCAT~1.23\jre   set PATH=%JAVA_HOME%/bin;%PATH%


  5. Now lets navigate to %JAVA_HOME%\lib\security folder

       cd %JAVA_HOME%/lib/security


  6. Lets import the SDM Tomcat SSL certification by:

       keytool -import -keystore cacerts -file c:\sdm_tomcat_ssl.crt


    (For detailed usage of keytool you may refer http://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html)

  7. It will prompt for password for the cacerts keystore. The default password is changeit unless it was changed previously. Provide this password. Watch out for any errors during the import

  8. Restart the two CA Open Space services via the Windows Control Panel.

Now continue following the same steps as you follow to enable the CA Service Desk Manager Data source in CA Open Space, except to use the HTTPS URL for CA SDM axis URL.

ERROR Handling: Monitor the C:\Program Files\CA\Open Space\OSOP\tomcat-7.0.23\logs\catalina* log files for errors. Couple of errors like below might surface up and suggested resolutions are discussed here with in:

  1. Trying to configure CA SDM Data source against SDM base URL called https://mySDMHostName:8443 and Tomcat log shows:

    INFO | jvm 1 | 2014/03/04 16:27:56 | javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://mySDMHostName:8443/axis /services/USD_R11_WebService?wsdl. It failed with:

    INFO | jvm 1 | 2014/03/04 16:27:56 | java.security.cert.CertificateException: No name matching mySDMHostName found.
    INFO | jvm 1 | 2014/03/04 16:27:56 | at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:151)
    INFO | jvm 1 | 2014/03/04 16:27:56 | at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:133)
    INFO | jvm 1 | 2014/03/04 16:27:56 | at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:254)
    INFO | jvm 1 | 2014/03/04 16:27:56 | at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:217)
    INFO | jvm 1 | 2014/03/04 16:27:56 | at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:165)
    INFO | jvm 1 | 2014/03/04 16:27:56 | at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:93)
    INFO | jvm 1 | 2014/03/04 16:27:56 | at javax.xml.ws.Service.<init>(Service.java:56)

    The above error surfaces because the Tomcat SSL Certificate might have been generated against a Fully Qualified name of the CA SDM Server (ex: mySDMHostName.ca.com) or maybe a user friendly alias (ex: servicedesk.company.com). Understand what host the certificate was issued against, and use the same name when configuring the CA SDM Data source with in CA Open Space.

  2. Invalid login policy encryption error:

    INFO | jvm 1 | 2014/03/04 16:39:22 | at java.lang.Thread.run(Thread.java:662)
    INFO | jvm 1 | 2014/03/04 16:42:21 | javax.xml.ws.soap.SOAPFaultException: Error - invalid login policy encryption
    INFO | jvm 1 | 2014/03/04 16:42:21 | at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
    INFO | jvm 1 | 2014/03/04 16:42:21 | at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:119)
    INFO | jvm 1 | 2014/03/04 16:42:21 | at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
    INFO | jvm 1 | 2014/03/04 16:42:21 | at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    INFO | jvm 1 | 2014/03/04 16:42:21 | at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)

    To resolve the above error you maybe required to create a new SOAP Web Services policy in CA SDM, export that to .P12 file and use that in the Open Space's CA SDM configuration.