Clarity Service Management

Expand all | Collapse all

Setting up SSL (Third Party Vendor) in EEM

Jump to Best Answer
  • 1.  Setting up SSL (Third Party Vendor) in EEM

    Posted 11-06-2017 08:14 PM

    I'm finding different information about how to setup an SSL within EEM.

     

    EEM is currently signed with the out of the package certificates. Trying to replace that with a third party certificate. That we are using on the particular domain. To get rid of the trusted SSL errors. 

     

    I've found different information. But nothing exact. Anyone have steps on how to properly make this transition?


    Thanks!



  • 2.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 08:35 AM

    Hi Jordan - I found this doc in the communities:  How to setup EEM UI to use a custom signed certificate (R8.4 SP4+ and R12.x) 

    See if that helps,

    Jon



  • 3.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 09:39 AM

    Hey John,

     

    It may... but unfortunately this is what I'm getting when clicking on the link provided above.

     



  • 4.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 09:48 AM
      |   view attached

    Jordan........

     

    I have attached a PDF version of the document for you

    Attachment(s)

    pdf
    DOC-231148893.pdf   7K 1 version


  • 5.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 10:13 AM

    Thanks Paul. I'm getting a general idea.

     

    So my original certificate was a .P7B which does not show as being supported by this documentation. So I did a conversion of the .P7B to a .PEM file. Which create a cert.perm this conversion required that I input a PFX password during the conversion process.

     

    Based upon the instructions I was to alter the following information for a PEM file...


     

    But all I got from the conversion was the PEM file. The certURI I'm guessing would be cert.pem in this case. But I have no idea what would go in the keyURI as I don't have a .key file to put there. 

     

    I assume I'm missing something somewhere in this process. Also if we can use a P7B I'm fine with that as well.



  • 6.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 04:37 PM

    Hi Jordan,

     

    P7B file does not contain the key. If you can get the .pfx file you can follow this:

     

    openssl pkcs12 -in file.pfx -out file.pem -nodes

    I believe it would create a pem file with the key in it and you have to split it into separate files.



  • 7.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 05:13 PM

    Was able to take the PFX and convert into a PEM and pull out both the certificate and private key statements. Saved into a CRT and KEY and uploaded into :

    C:\Program Files\CA\SC\iTechnology

     

    Once uploaded edits were made to the iGateway file:

      <Connector name="defaultport">
       <port>5250</port>
       <mustlisten>true</mustlisten>
           <conntype/>
       <conntimeout>120</conntimeout>
       <peektimeout>30</peektimeout>
       <maxconnections>1000</maxconnections>
       <maxrequestbytes>10000000</maxrequestbytes>
       <maxpiperequests>10</maxpiperequests>
       <maxAcceptRate/>
       <certType>pem<certType/>
       <certURI>primary.crt<certURI/>
       <certPW/>
       <keyURI>private.key<keyURI/>
       <keyPW/>
       <secureProtocol/>
       <cipherlist/>
      </Connector>

     

    These alterations resulted in the CA iTechnology iGateway service from being able to start.

    Error: 0xffffffff: 0xffffffff

     

    The CA Directory still started.

     

    The website failed to load.

     

    Restored original values to iGateway.conf file and everything started up like normal. Original values look as follows:

    <Connector name="defaultport">
       <port>5250</port>
       <mustlisten>true</mustlisten>
           <conntype/>
       <conntimeout>120</conntimeout>
       <peektimeout>30</peektimeout>
       <maxconnections>1000</maxconnections>
       <maxrequestbytes>10000000</maxrequestbytes>
       <maxpiperequests>10</maxpiperequests>
       <maxAcceptRate/>
       <certType/>
       <certURI/>
       <certPW/>
       <keyURI/>
       <keyPW/>
       <secureProtocol/>
       <cipherlist/>
      </Connector>



  • 8.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 05:20 PM

    Try using the full file path



  • 9.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 05:26 PM

    Also if you have the pfx file just follow the p12 steps in the documentation:

     

    1. Copy the p12 certificate to iTechnology folder.
    2. Stop iTechnology service.
    3. Edit igateway.conf and update the <Connector name="defaultport"> section
    4. Set certType to p12
    5. Set certURI to your .p12 certificate filename
    6. Set certPW to munged p12 certificate file password using the ConfigTool.
    7. Save and exit the file
    8. Start the iTechnology service

     

    Run this C:\Program Files (x86)\CA\SC\iTechnology>ConfigTool -munge -version 4.6.0.0 -comp igateway -tag
    "TransportReceiver=HTTP;Connector=defaultport;certPW;" -passwd testpassword

     

    replace testpassword with your password. And put that in <certPW>

     

    <Connector name="defaultport">
       <port>5250</port>
       <mustlisten>true</mustlisten>
           <conntype/>
       <conntimeout>120</conntimeout>
       <peektimeout>30</peektimeout>
       <maxconnections>1000</maxconnections>
       <maxrequestbytes>10000000</maxrequestbytes>
       <maxpiperequests>10</maxpiperequests>
       <maxAcceptRate/>
       <certType>p12</certType>
       <certURI>cert.pfx</certURI>
       <certPW>[munged password]</certPw>
       <keyURI/>
       <keyPW/>
       <secureProtocol/>
       <cipherlist/>
      </Connector>

     

    Give the above a try.



  • 10.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-07-2017 06:00 PM

    Hi Anthony,

     

    Attempted PFX with the following entry:

    Password removed.

    Attempted this will full path as shown (and without).

     

    I attempted the command given for ConfigTool using exactly the same language (changing the testpassword) to the actual password of the PFX but got the following error.

     

    I also attempted your original instructions about using the full path as follows:

     

    Results in the following error:



  • 11.  Re: Setting up SSL (Third Party Vendor) in EEM
    Best Answer

    Posted 11-08-2017 09:17 AM

    Hi Jordan,

     

    I just tried the command and it seems to put the certPW in for you so you yourself don't have to do it. I think your command failed because you have

    <certPW>******<certPW/>

     

    It should be <certPW>*****</certPW>



  • 12.  Re: Setting up SSL (Third Party Vendor) in EEM

    Posted 11-13-2017 10:49 AM

    Was able to get it working. With the PEM using primary.crt and private.key.

    Issue was the placement of the slash. 


    Thanks!