CA Service Management

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Good morning Seetharam,

at first .. thanks for our reply.

What I don't understand is:

• Why does RU02 kill working SSL-integration (worked fine till 17.4 RU01)
• After reading the linked document:
  • We have customer-specific certificates and want to use them .. what to do?
  • Is it a must to create own certificates as described?
  • We have an integration from outside using them .. what will happen?

Thanks,

Peter

PS.: I also opened a CASE for it .. 35157644

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Peter,

As per my understanding, this issue occurs only when using a self-signed certificate for SSL.

Starting from version 17.4.Ru2, we have implemented CXF for both the Service Catalog and SDM. CXF now enforces the inclusion of SAN details in the certificate.

Possible solution: We need to regenerate the certificate with SAN and add it to the trust store.

Thanks,

Seetharam

Good morning Seetharam,

at first .. thanks for our reply.

What I don't understand is:

• Why does RU02 kill working SSL-integration (worked fine till 17.4 RU01)
• After reading the linked document:
  • We have customer-specific certificates and want to use them .. what to do?
  • Is it a must to create own certificates as described?
  • We have an integration from outside using them .. what will happen?

Thanks,

Peter

PS.: I also opened a CASE for it .. 35157644

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Seetharam,

we already have a SAN-certicate with alternative names listed in use with RU01.

Under RU02 with this certificate SDM and Catalog each are working correct.

What else I have to do that also Catalog's communication with SDM and PAM work in RU02?

Regards,

Peter

Hi Peter,

As per my understanding, this issue occurs only when using a self-signed certificate for SSL.

Starting from version 17.4.Ru2, we have implemented CXF for both the Service Catalog and SDM. CXF now enforces the inclusion of SAN details in the certificate.

Possible solution: We need to regenerate the certificate with SAN and add it to the trust store.

Thanks,

Seetharam

Good morning Seetharam,

at first .. thanks for our reply.

What I don't understand is:

• Why does RU02 kill working SSL-integration (worked fine till 17.4 RU01)
• After reading the linked document:
  • We have customer-specific certificates and want to use them .. what to do?
  • Is it a must to create own certificates as described?
  • We have an integration from outside using them .. what will happen?

Thanks,

Peter

PS.: I also opened a CASE for it .. 35157644

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Peter,

According to the above comment, SDM + Catalog is working fine by updating the SAN to the certificate. 

Please follow the below steps to integrate with ITPAM.

In ITPAM:

1. Regenerate a new custom key-store file for ITPAM using the SAN details.

   1. keytool -genkey -alias "itpam" -keyalg RSA -keystore "<keystore path>" -ext san=dns:<ITPAM Server hostname>

      By default, the validity of the certificate is 90 days. You can extend the certificate duration this using the -validity <number of days> parameter when creating the certificate.

2. Update the above generated certificate in ITPAM server.

   1. For 04.3.05 release,
      1. Navigate to <install_loc>\server\c2o\.config\OasisConfig.properties
         • We need to add three entries to point to the custom certificate. 
         • itpam.custom.web.keystorepath, itpam.custom.web.password and itpam.custom.web.keystorealias
         • Note: itpam.custom.web.password value can be encrypted using PasswordEncryption.bat file available in the <install_loc>\server\c2o location.
      2. Navigate to <install_loc>\server\c2o\deploy\jbossweb.sar\server.xml
         • We need to modify this file to use the custom entries mentioned in oasis config file.
           • example :
           • <Connector protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                  port="${tomcat.secure.port}" address="${jboss.bind.address}"
                  maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
                  emptySessionPath="true"
                  scheme="https" secure="true" clientAuth="false"
                  keystoreFile="${itpam.custom.web.keystorepath}"
                  keyAlias="${itpam.custom.web.keystorealias}"
                  keystorePass="${itpam.custom.web.keystore.password}"
                  sslProtocol = "${SSL_PROTOCOL}" algorithm = "${X509_ALGORITHM}" ciphers="${jboss.ssl.ciphers}" 
                  useBodyEncodingForURI="true" maxPostSize="12582912"/>
      3. Restart ITPAM server.
      4. Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM side.) 
   2. For 04.4 release,
      1. Folllow the techdocs for replacing above generated custom certificate in ITPAM 04.4 release , https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-4-00/administrating/overview-for-administrators/maintain-the-domain/manage-certificates/configure-custom-certificates-and-password-vault--wildfly-.html
      2. Restart ITPAM server.
      3. Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM /SLCM side.) 

In SDM:

1. ?wsdl should be appended to the PAM url for the integration (if SDM is on 17.4 GA)
2. Export the PAM customer certificate from browser and import it into SDM key-store file

   1.      keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files (x86)\CA\SC\JRE\11.0.18\lib\security\cacerts"

           It will ask the password: changeit

           keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.18\lib\security\cacerts"

           It will ask the password: changeit

3. Restart the SDM windows service (complete service restart is needed to force to load the key-store file for SDM)
4. Validate  ITPAM + SDM integration.

In SLCM :

1. Export the PAM customer certificate from browser and import it into SLCM key-store file.

   1. keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.3\lib\security\cacerts"

           It will ask the password: changeit

2. Restart SLCM services.
3. Validagte ITPAM + SLCM integration.

Thanks,

Seetharam

Hi Seetharam,

we already have a SAN-certicate with alternative names listed in use with RU01.

Under RU02 with this certificate SDM and Catalog each are working correct.

What else I have to do that also Catalog's communication with SDM and PAM work in RU02?

Regards,

Peter

Hi Peter,

As per my understanding, this issue occurs only when using a self-signed certificate for SSL.

Starting from version 17.4.Ru2, we have implemented CXF for both the Service Catalog and SDM. CXF now enforces the inclusion of SAN details in the certificate.

Possible solution: We need to regenerate the certificate with SAN and add it to the trust store.

Thanks,

Seetharam

Good morning Seetharam,

at first .. thanks for our reply.

What I don't understand is:

• Why does RU02 kill working SSL-integration (worked fine till 17.4 RU01)
• After reading the linked document:
  • We have customer-specific certificates and want to use them .. what to do?
  • Is it a must to create own certificates as described?
  • We have an integration from outside using them .. what will happen?

Thanks,

Peter

PS.: I also opened a CASE for it .. 35157644

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Peter,

According to the above comment, SDM + Catalog is working fine by updating the SAN to the certificate. 

Please follow the below steps to integrate with ITPAM.

In ITPAM:

1. Regenerate a new custom key-store file for ITPAM using the SAN details.

   1. keytool -genkey -alias "itpam" -keyalg RSA -keystore "<keystore path>" -ext san=dns:<ITPAM Server hostname>

      By default, the validity of the certificate is 90 days. You can extend the certificate duration this using the -validity <number of days> parameter when creating the certificate.

2. Update the above generated certificate in ITPAM server.

   1. For 04.3.05 release,
      1. Navigate to <install_loc>\server\c2o\.config\OasisConfig.properties
         • We need to add three entries to point to the custom certificate. 
         • itpam.custom.web.keystorepath, itpam.custom.web.password and itpam.custom.web.keystorealias
         • Note: itpam.custom.web.password value can be encrypted using PasswordEncryption.bat file available in the <install_loc>\server\c2o location.
      2. Navigate to <install_loc>\server\c2o\deploy\jbossweb.sar\server.xml
         • We need to modify this file to use the custom entries mentioned in oasis config file.
           • example :
           • <Connector protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                  port="${tomcat.secure.port}" address="${jboss.bind.address}"
                  maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
                  emptySessionPath="true"
                  scheme="https" secure="true" clientAuth="false"
                  keystoreFile="${itpam.custom.web.keystorepath}"
                  keyAlias="${itpam.custom.web.keystorealias}"
                  keystorePass="${itpam.custom.web.keystore.password}"
                  sslProtocol = "${SSL_PROTOCOL}" algorithm = "${X509_ALGORITHM}" ciphers="${jboss.ssl.ciphers}" 
                  useBodyEncodingForURI="true" maxPostSize="12582912"/>
      3. Restart ITPAM server.
      4. Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM side.) 
   2. For 04.4 release,
      1. Folllow the techdocs for replacing above generated custom certificate in ITPAM 04.4 release , https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-4-00/administrating/overview-for-administrators/maintain-the-domain/manage-certificates/configure-custom-certificates-and-password-vault--wildfly-.html
      2. Restart ITPAM server.
      3. Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM /SLCM side.) 

In SDM:

1. ?wsdl should be appended to the PAM url for the integration (if SDM is on 17.4 GA)
2. Export the PAM customer certificate from browser and import it into SDM key-store file

   1.      keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files (x86)\CA\SC\JRE\11.0.18\lib\security\cacerts"

           It will ask the password: changeit

           keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.18\lib\security\cacerts"

           It will ask the password: changeit

3. Restart the SDM windows service (complete service restart is needed to force to load the key-store file for SDM)
4. Validate  ITPAM + SDM integration.

In SLCM :

1. Export the PAM customer certificate from browser and import it into SLCM key-store file.

   1. keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.3\lib\security\cacerts"

           It will ask the password: changeit

2. Restart SLCM services.
3. Validagte ITPAM + SLCM integration.

Thanks,

Seetharam

Hi Seetharam,

we already have a SAN-certicate with alternative names listed in use with RU01.

Under RU02 with this certificate SDM and Catalog each are working correct.

What else I have to do that also Catalog's communication with SDM and PAM work in RU02?

Regards,

Peter

Hi Peter,

As per my understanding, this issue occurs only when using a self-signed certificate for SSL.

Starting from version 17.4.Ru2, we have implemented CXF for both the Service Catalog and SDM. CXF now enforces the inclusion of SAN details in the certificate.

Possible solution: We need to regenerate the certificate with SAN and add it to the trust store.

Thanks,

Seetharam

Good morning Seetharam,

at first .. thanks for our reply.

What I don't understand is:

• Why does RU02 kill working SSL-integration (worked fine till 17.4 RU01)
• After reading the linked document:
  • We have customer-specific certificates and want to use them .. what to do?
  • Is it a must to create own certificates as described?
  • We have an integration from outside using them .. what will happen?

Thanks,

Peter

PS.: I also opened a CASE for it .. 35157644

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter

Hi Seetharam,

I have good news.

I only had to do the following on SLCM-machine:

keytool -importcert -file D:\Zertifikat\sdm_xxxxxx_san.cer -alias testxxxhe.de -keystore "D:\Program Files\CA\Service Catalog\embedded\jdk\lib\security\cacerts"

Password as documented ...

After restarting SLCM integration-Test is working.

Many thanks for your support.

Regards,

Peter

Hi Peter,

According to the above comment, SDM + Catalog is working fine by updating the SAN to the certificate. 

Please follow the below steps to integrate with ITPAM.

In ITPAM:

1. Regenerate a new custom key-store file for ITPAM using the SAN details.

   1. keytool -genkey -alias "itpam" -keyalg RSA -keystore "<keystore path>" -ext san=dns:<ITPAM Server hostname>

      By default, the validity of the certificate is 90 days. You can extend the certificate duration this using the -validity <number of days> parameter when creating the certificate.

2. Update the above generated certificate in ITPAM server.

   1. For 04.3.05 release,
      1. Navigate to <install_loc>\server\c2o\.config\OasisConfig.properties
         • We need to add three entries to point to the custom certificate. 
         • itpam.custom.web.keystorepath, itpam.custom.web.password and itpam.custom.web.keystorealias
         • Note: itpam.custom.web.password value can be encrypted using PasswordEncryption.bat file available in the <install_loc>\server\c2o location.
      2. Navigate to <install_loc>\server\c2o\deploy\jbossweb.sar\server.xml
         • We need to modify this file to use the custom entries mentioned in oasis config file.
           • example :
           • <Connector protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                  port="${tomcat.secure.port}" address="${jboss.bind.address}"
                  maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
                  emptySessionPath="true"
                  scheme="https" secure="true" clientAuth="false"
                  keystoreFile="${itpam.custom.web.keystorepath}"
                  keyAlias="${itpam.custom.web.keystorealias}"
                  keystorePass="${itpam.custom.web.keystore.password}"
                  sslProtocol = "${SSL_PROTOCOL}" algorithm = "${X509_ALGORITHM}" ciphers="${jboss.ssl.ciphers}" 
                  useBodyEncodingForURI="true" maxPostSize="12582912"/>
      3. Restart ITPAM server.
      4. Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM side.) 
   2. For 04.4 release,
      1. Folllow the techdocs for replacing above generated custom certificate in ITPAM 04.4 release , https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-4-00/administrating/overview-for-administrators/maintain-the-domain/manage-certificates/configure-custom-certificates-and-password-vault--wildfly-.html
      2. Restart ITPAM server.
      3. Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM /SLCM side.) 

In SDM:

1. ?wsdl should be appended to the PAM url for the integration (if SDM is on 17.4 GA)
2. Export the PAM customer certificate from browser and import it into SDM key-store file

   1.      keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files (x86)\CA\SC\JRE\11.0.18\lib\security\cacerts"

           It will ask the password: changeit

           keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.18\lib\security\cacerts"

           It will ask the password: changeit

3. Restart the SDM windows service (complete service restart is needed to force to load the key-store file for SDM)
4. Validate  ITPAM + SDM integration.

In SLCM :

1. Export the PAM customer certificate from browser and import it into SLCM key-store file.

   1. keytool -importcert -file c:\itpamcert.crt -keystore "C:\Program Files\CA\SC\JRE\11.0.3\lib\security\cacerts"

           It will ask the password: changeit

2. Restart SLCM services.
3. Validagte ITPAM + SLCM integration.

Thanks,

Seetharam

Hi Seetharam,

we already have a SAN-certicate with alternative names listed in use with RU01.

Under RU02 with this certificate SDM and Catalog each are working correct.

What else I have to do that also Catalog's communication with SDM and PAM work in RU02?

Regards,

Peter

Hi Peter,

As per my understanding, this issue occurs only when using a self-signed certificate for SSL.

Starting from version 17.4.Ru2, we have implemented CXF for both the Service Catalog and SDM. CXF now enforces the inclusion of SAN details in the certificate.

Possible solution: We need to regenerate the certificate with SAN and add it to the trust store.

Thanks,

Seetharam

Good morning Seetharam,

at first .. thanks for our reply.

What I don't understand is:

• Why does RU02 kill working SSL-integration (worked fine till 17.4 RU01)
• After reading the linked document:
  • We have customer-specific certificates and want to use them .. what to do?
  • Is it a must to create own certificates as described?
  • We have an integration from outside using them .. what will happen?

Thanks,

Peter

PS.: I also opened a CASE for it .. 35157644

Hi Peter,

Can you please help me if this environment is enabled with SSL? If yes, please follow the below steps.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/troubleshooting1/troubleshooting-ca-service-catalog/integration-issues/integration-between-sdm-and-service-catalog-stops-working-after-the-upgrade-to-17-4-ru2.html

Thanks,

Seetharam

Hi all,

after upgrading SLCM and SDM from 17.4.1 to 17.4.2 integration of SLCM and SDM/PAM does not work when using 'test' in SLCM.

Each component is up and running and can be used.

What I tried:

Recreating and copying CASM_POLICY.p12 does not help.

Reintegration from 17.4-iso does not help.

How to reproduce:

Go to SLCM --> Administration --> configuration

Select Service Desk from the left pane.

Click on Test-Button on the right pane.

Without waiting-time error-window pops up: error when trying connection.

F12:

no error in console;

Url: https://m***10:8443/usm/wpf?Node=icguinode.toolsconfigtest&Args=Go***ut&Args=servicedesk&Args=USV (nothing else)

This url returns (called manually) XML-Data.

STDLOG:

Nothing when button is clicked

VIEW.LOG:

Nothing when button is clicked

Any idea what I could look for?

Regards,

Peter