Clarity Service Management

Expand all | Collapse all

Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

Jump to Best Answer
  • 1.  Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 03:06 AM

    Anyone implemented HTTPS with a third-party certificate for xFlow 17.0 and then successfully logged in?



  • 2.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 09:27 AM

    Hi Andreas,

    When you say "third party certificate" do you mean a certificate from a vendor such as verisign or godaddy?  (a certified vendor...).  

    If so, you should be able to use it for Xflow by following the vendor-specific instructions (which the cert vendor must provide) on what needs to be imported into the keystore in for tomcat in order for the cert to work properly. Each vendor has slightly different instructions.  We do provide some additional instructions here:  Enable Secure Socket Layer (SSL) - CA Service Management - 14.1 - CA Technologies Documentation 

    Let us know if that helps,

    Jon I.



  • 3.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 09:32 AM

    Hi Jon,

    Yes, that is correct regarding the certificate vendor. Notice that xFlow uses IIS or the Apache Webserver. I have a working Apache Webserver for HTTPS but then we cannot login with provided credentials. If using HTTP it will work again.



  • 4.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?
    Best Answer

    Posted 01-30-2018 09:59 AM

    If you use "developer tools" (hit F12 in chrome), do you see any specific errors when SSL is enabled?  It seems that maybe there is some type of mixed content happening which could be causing the issue. I would check for errors there.  If you are still not able to get it working, then I would suggest to open a support case so an engineer can take a look at it with you and see if we can figure out whats going on.

    Thanks!

    Jon I.



  • 5.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-31-2018 09:24 AM

    Thank you, that tip helped me see and understand the problem. I looked in the server logfiles for so long but the problem was in fact mixed content for the browser. Chrome displayed a button to allow blocked content but Internet Explorer was more stubborn and did not allow the content whatsoever. I will try to encrypt all microservices etc. I had hoped that xFlow did not load the data from the backend systems from the GUI but that seems to be the design. Thank you again Jon and Raghu.



  • 6.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 02:41 PM

    Andreas,

     

    As long as the vendor issued certificates as well as the certificate chain are added properly to the keystore that xFlow uses + SDM web servers (IIS/Tomcat) use,  xFlow should work fine.

     

    If this is still giving you grief, may I suggest raising a support case for this and hit me up - I can work with you.

     

    Thx

    _R



  • 7.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 02:57 PM

    Thank you for the reply. It gave me an idea that the chain might not be trusted. The microservices are still in HTTP-mode but the Service Desk has the same certificate and chain. What happens in the communication chain when switching the xFlow GUI to HTTPS? I have an open case with CA support but also reaching out to the community.



  • 8.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 03:01 PM

    Raghu.Rudraraju looks like CA Support ticket #00941051 is associated with this thread



  • 9.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 03:32 PM

    That is correct Paul.



  • 10.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted 01-30-2018 05:08 PM

    Thank you, I'll sync up offline on this.

     

    _R