Clarity Service Management

Expand all | Collapse all

CA SDM Mobile app SSL issue

  • 1.  CA SDM Mobile app SSL issue

    Posted 03-15-2017 04:08 AM
      |   view attached

    Configured Mobile CA SDM on Secondary Server recently. After Configuring SSL The URL is not Working. The environment is 1 Primary+ 1 Secondary (DMZ) server. 

    # Version of CA SDM
    14.1

    # do you find mobile app working using http.
    Yes

    # Are you using self signed certificate/ Vendor certificate.
    Vendor certificate

    # Steps you have followed to import the certificate.
    https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec587823.html

    URL:

    SSL: https://hostname:8449/mobiledemo/login.html
    Tomcat : http://hostname:8050/mobiledemo/login.html

     

    Please find the screenshot for error screen



  • 2.  Re: CA SDM Mobile app SSL issue

    Posted 03-15-2017 05:33 AM

    Hi,

    They was a similar issue posted recently: Configure REST SSL on CA ServiceDesk 14.1 

     

    If I recall correctly the final resolution was to import the cert (and trusted chain )to your mobile.

    Hope this help

    /J



  • 3.  Re: CA SDM Mobile app SSL issue

    Posted 03-15-2017 05:37 AM

    Note that I did just look your screenshot is not from the mobile app and display differnt error not related.

    you need to make sure that the protocol and cypher used in your SSL connecotr is supported an enabled in your browser.

    for IE as an example:

     

    /J



  • 4.  Re: CA SDM Mobile app SSL issue

    Posted 03-24-2017 01:35 AM

    Thanks for the reply.. The IE settings are same as above..still not working



  • 5.  Re: CA SDM Mobile app SSL issue

    Posted 03-15-2017 05:46 AM

    Below an example of a tomcat SSL  connector config supporting all TLS version and outdated cypher (recent tomcat release only support last protocol by default. 128 cyphers are there as example but not secure anymore and must not be used in pubicly exposed env):

     

    <Connector SSLEnabled="true" clientAuth="false" keystoreFile="E:\SSL\mystore.jks" keystorePass="mypass" keystoreType="PKCS12" maxThreads="200" port="443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />

    Hope this help

    /J



  • 6.  Re: CA SDM Mobile app SSL issue

    Posted 03-24-2017 03:42 AM

    Hi Jerome, I tried with these Cyphers. No impact, still same screen.



  • 7.  Re: CA SDM Mobile app SSL issue

    Posted 03-15-2017 08:02 PM

    Hey Bhaskar

     

    The error seems to indicate that either you are not restricting good ciphers only (via server.xml) or one of the keys in the keystore is not being read properly and so the misleading error.

     

    Can you post your server.xml entry for your SSL connector (you can mask the password and keystore location)

     

    _R



  • 8.  Re: CA SDM Mobile app SSL issue

    Posted 03-24-2017 03:50 AM

    Hi Raghu,

    Thanks for the reply.. I tried with these four types. 

    ///////////////////////////////////////////

    <Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_ CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_C BC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CB C_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" clientAuth="false" keystoreFile="*****" keystorePass="*****" keystoreType="PKCS12" maxThreads="200" port="8449" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>

    ///////////////////////////////////////////////////////////////

    <Connector SSLEnabled="true" clientAuth="false" keystoreFile="*****" keystorePass="*****" keystoreType="PKCS12" maxThreads="200" port="8449" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>

    ////////////////////////////////////////////////////////////////
    <Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" clientAuth="false" keystoreFile="*****" keystorePass="*****" keystoreType="PKCS12" maxThreads="150" port="8449" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
    <Connector SSLEnabled="true"

    /////////////////////////////////////////////////////////////////

    ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_ CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_C BC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CB C_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" clientAuth="false" keystoreFile="*****" keystorePass="******" keystoreType="PKCS12" maxThreads="150" port="8449" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>

    ///////////////////////////////////////////////////////////////



  • 9.  Re: CA SDM Mobile app SSL issue

    Posted 03-24-2017 04:16 PM

    Can you raise out a support case for this one and hit me up please,   The connector entry on its own looks OK,  maybe you're missing something else in the keystore (the whole cert chain) that's causing this misleading error.

     

    _R