Virtual Service Catalog SSL Configuration

Document ID : KB000117485
Last Modified Date : 12/10/2018
Show Technical Document Details
Introduction:
How to configure Virtual Service Catalog for SSL? 
Environment:
DevTest 10.4
Instructions:

Install DevTest

 
  1. Execute the 10.4.0.366 installer into a new directory, which we will refer to as DEVTEST_HOME.
  2. Copy the DEVTEST_HOME/_dradis.properties file to a new file, DEVTEST_HOME/dradis.properties
  3. Uncomment and configure lines 16 - 19 in the DEVTEST_HOME/dradis.properties file to the following:
dradis.webserver.https.enabled=true
dradis.webserver.ssl.keystore.location=webserver.ks
dradis.webserver.ssl.keystore.password=changeit
dradis.webserver.ssl.keymanager.password=changeit
  1. Execute the LISA_HOME/IdentityAccessManager/bin/IdentityAccessManager application.
  2. Open a browser to https://<vsc host>:51111/, where <vsc host> is the hostname of the machine running the IdentityAccessManager application, and login with admin/admin. You may need to add a security exception to your browser due to the self-signed certificate used in the IdentityAccessManager keystore.
  3. Execute the DEVTEST_HOME/bin/EnterpriseDashboard application
  4. Open a browser to https://<dradis host>:1506/ where <dradis host> is the hostname of the machine running the EnterpriseDashboard application. You may need to add a security exception to your browser due to the self-signed certificate used in the webserver.ks keystore.
  5. Verify steps 5 and 7 successfully loads before continuing.

Install Virtual Service Catalog

  1. Execute the Virtual Service Catalog (VSC) installer into a new directory, which we will refer to as VSC_HOME.
  2. Execute the VSC_HOME/bin/vscatalog application
  3. Open a browser to https://<vsc host>:51110/, where <vsc host> is the hostname of the machine running the vscatalog application, and login with admin/admin. You may need to add a security exception to your browser due to the self-signed certificate used in the embedded Virtual Service Catalog keystore.
  4. Verify step 3 successfully loads before continuing.

Configure Virtual Service Catalog

  1. In VSC, select the gear icon to open the "Manage Enterprise Dashboard Connections" page.
  2.  Try to add a dashboard with the url https://<dradis host>:1506/ and select "Connect" button. FYI, this should fail because of the self-signed certificate used in the dashboard. The reason it fails is because the REST client in VSC that is configured to talk to the Enterprise Dashboard is not configured to trust the self-signed certificate from the ED.
  3. Stop VSC and add the following 3 properties, each on a separate line, to the VSC_HOME/bin/vscatalog.vmoptions file:
-Dcom.ca.ad.sv.iaam.key-store-type=JKS
-Dcom.ca.ad.sv.iaam.key-store=file:///DEVTEST_HOME/webserver.ks
-Dcom.ca.ad.sv.iaam.key-password=<keystore password>
-Dlisa.webserver.https.enabled=true

Example:
-Dcom.ca.ad.sv.iaam.key-store-type=JKS
-Dcom.ca.ad.sv.iaam.key-store=file:///Users/demo/Desktop/DevTest-10.4.0.366/webserver.ks
-Dcom.ca.ad.sv.iaam.key-password=changeit
-Dlisa.webserver.https.enabled=true
 
  1. Restart VSC and repeat step 2. You should now be able to add an Enterprise Dashboard connection.

Configure Registry

  1. Now with VSC connected to the Enterprise dashboard we can move to configuring the Registry to talk to a secure Enterprise Dashboard. Copy the DEVTEST_HOME/_local.properties file to DEVTEST_HOME/local.properties and add the following property:
..
### ###
### The properties in local.properties will take precedence over any properties ###
### defined in site.properties. However, these properties do not take precedence ###
### over properties defined on the command line using the '-D' command line ###
### option. ###
### ###
#####################################################################################
devtest.enterprisedashboard.https.enabled=true
...
  1. Execute the DEVTEST_HOME/bin/Registry application
  2. Execute the DEVTEST_HOME/bin/VirtualServiceEnvironment application
  3. Using the Workstation, portal or commandline and deploy 1 or more virtual services
  4. In the VSC application, select the "View All Virtual Services" button.
  5. If the "List of Virtual Services" pages displays no data, then the next indexing cycle likely hasn't started yet. You can immediately schedule an indexing operation by selecting the "Refresh" icon on the top right of the "List of Virtual Services" page.
 
 Notes
The Enterprise Dashboard and Registry should use the same certificate. If the Enterprise Dashboard and Registry have been configured with different self-signed certificates then they must be loaded into the keystore referenced in step 3 of the Configure Virtual Service Catalog section above.
To configure a different keystore for the Enterprise Dashboard and the Registry, then you should follow the steps @ https://docops.ca.com/devtest-solutions/10-4/en/administering/security/using-https-communication-with-the-invoke-apis