CA Service Management

  • 1.  Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted Jan 30, 2018 03:06 AM

    Anyone implemented HTTPS with a third-party certificate for xFlow 17.0 and then successfully logged in?



  • 2.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted Jan 30, 2018 09:27 AM

    Hi Andreas,

    When you say "third party certificate" do you mean a certificate from a vendor such as VeriSign or GoDaddy? (a certified vendor...).

    If so, you should be able to use it for xFlow by following the vendor-specific instructions (which the cert vendor must provide) on what needs to be imported into the keystore for Tomcat in order for the cert to work properly. Each vendor has slightly different instructions. We do provide some additional instructions here: Enable Secure Socket Layer (SSL) - CA Service Management - 14.1 - CA Technologies Documentation

    Let us know if that helps,

    Jon I.



  • 3.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted Jan 30, 2018 09:32 AM

    Hi Jon,

    Yes, that is correct regarding the certificate vendor. Notice that xFlow uses IIS or the Apache Webserver. I have a working Apache Webserver for HTTPS but then we cannot log in with the provided credentials. If using HTTP it will work again.



  • 4.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?
    Best Answer

    Posted Jan 30, 2018 09:59 AM

    If you use "developer tools" (hit F12 in Chrome), do you see any specific errors when SSL is enabled? It seems that maybe there is some type of mixed content happening which could be causing the issue. I would check for errors there. If you are still not able to get it working, then I would suggest opening a support case so an engineer can take a look at it with you and see if we can figure out what's going on.

    Thanks!

    Jon I.



  • 5.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted Jan 31, 2018 09:24 AM

    Thank you, that tip helped me see and understand the problem. I looked in the server logfiles for so long but the problem was in fact mixed content for the browser. Chrome displayed a button to allow blocked content but Internet Explorer was more stubborn and did not allow the content whatsoever. I will try to encrypt all microservices etc. I had hoped that xFlow did not load the data from the backend systems from the GUI but that seems to be the design. Thank you again Jon and Raghu.
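
Added example, not part of the original thread or of the product's code: a small Node.js check that takes the requests a page makes (for instance copied from the DevTools Network tab) and reports which ones a browser would treat as mixed content when the GUI is served over HTTPS. The host names, ports, paths and request list are constructed for illustration, and the loopback exception is an assumption based on the Secure Contexts specification that not every browser follows.

```javascript
// Request types a browser refuses to load over HTTP from an HTTPS page
// ("blockable" mixed content). XHR/fetch calls to backend services fall here.
const BLOCKABLE = new Set(["xhr", "fetch", "script", "stylesheet", "iframe", "websocket"]);
// "Optionally blockable" types: historically loaded with a warning only;
// current browsers may upgrade or block them instead.
const PASSIVE = new Set(["image", "audio", "video"]);

// Assumption: loopback targets count as trustworthy (Secure Contexts spec).
function isLoopback(hostname) {
  return hostname === "localhost" || hostname === "[::1]" || /^127\.\d+\.\d+\.\d+$/.test(hostname);
}

function classifyRequest(pageUrl, requestUrl, type) {
  const page = new URL(pageUrl);
  const target = new URL(requestUrl, page); // relative URLs inherit the page scheme
  if (page.protocol !== "https:") return "not-applicable"; // HTTP page: nothing is "mixed"
  const insecure = target.protocol === "http:" || target.protocol === "ws:";
  if (!insecure || isLoopback(target.hostname)) return "ok";
  if (PASSIVE.has(type)) return "warning";
  return "blocked"; // blockable types, and unknown types judged strictly
}

function auditMixedContent(pageUrl, requests) {
  return requests
    .map((r) => ({ ...r, verdict: classifyRequest(pageUrl, r.url, r.type) }))
    .filter((r) => r.verdict === "blocked" || r.verdict === "warning");
}

// Constructed sample: an HTTPS front end whose login call still targets
// a backend service over plain HTTP.
const SAMPLE_PAGE = "https://xflow.example.com/";
const SAMPLE_REQUESTS = [
  { url: "/assets/app.js", type: "script" },
  { url: "http://backend.example.com:9002/api/login", type: "xhr" },
  { url: "https://backend.example.com:9443/api/tickets", type: "xhr" },
  { url: "http://backend.example.com/logo.png", type: "image" },
  { url: "http://localhost:9000/health", type: "fetch" },
];

for (const f of auditMixedContent(SAMPLE_PAGE, SAMPLE_REQUESTS)) {
  console.log(`${f.verdict.toUpperCase()}  ${f.type}  ${f.url}`);
}
```

Every request reported as blocked points at an endpoint that needs its own HTTPS listener and a certificate chain the browser trusts before the front end can be switched to HTTPS.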



  • 6.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Broadcom Employee
    Posted Jan 30, 2018 02:41 PM

    Andreas,

     

    As long as the vendor-issued certificates as well as the certificate chain are added properly to the keystore that xFlow uses + SDM web servers (IIS/Tomcat) use, xFlow should work fine.

     

    If this is still giving you grief, may I suggest raising a support case for this and hit me up - I can work with you.

     

    Thx

    _R



  • 7.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted Jan 30, 2018 02:57 PM

    Thank you for the reply. It gave me an idea that the chain might not be trusted. The microservices are still in HTTP-mode but the Service Desk has the same certificate and chain. What happens in the communication chain when switching the xFlow GUI to HTTPS? I have an open case with CA support but am also reaching out to the community.



  • 8.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Broadcom Employee
    Posted Jan 30, 2018 03:01 PM

    Raghu.Rudraraju looks like CA Support ticket #00941051 is associated with this thread



  • 9.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Posted Jan 30, 2018 03:32 PM

    That is correct Paul.



  • 10.  Re: Anyone implemented HTTPS with a third-party certificate for xFlow 17.0?

    Broadcom Employee
    Posted Jan 30, 2018 05:08 PM

    Thank you, I'll sync up offline on this.

     

    _R