CA Service Management


Configure APM 12.9 and CA SAM to communicate via SSL


    Posted Jun 06, 2014 11:07 AM

    Configure APM 12.9 and CA SAM to communicate securely using the SSL protocol

    Document ID:  TEC1989668
    Last Modified Date:  8/3/2015
    Technical Document Details
    • Products 
      • CA IT Asset Manager
      • CA Software Asset Manager
      • CA Asset Portfolio Management
    • Releases 
      • CA IT Asset Manager:Release:12.9
      • CA Software Asset Manager:Release:12.9
      • CA Asset Portfolio Management:Release:12.9
    • Components 
      • ARGIS (WEB VERSION)
      • CA Asset Portfolio Management
      • CA SOFTWARE ASSET MANAGER
    IMPORTANT: Before you begin, note that APM 12.9.02 (RO71737) is a prerequisite.
    Part 1 - Configure CA SAM to work with SSL:
    1. Configure the web site on the web server where CA SAM is installed.
    The link below has a short video on configuring the web site for SSL.

    http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
    2. Make the following changes in the web.config file of the SAMImportExport service on the CA SAM server.
    a. In the serviceBehaviors section, set httpsGetEnabled="true" in place of httpGetEnabled="true", as shown below:
    <serviceBehaviors>
        <behavior name="CA.Applications.OEMService.OEMImportBehavior">
         <serviceMetadata httpsGetEnabled="true" />
         <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
    </serviceBehaviors>
    b. Update the bindings section as shown below:
    <bindings>
      <basicHttpBinding>
        <binding name="httpBinding_OEMService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" transferMode="Streamed">
          <readerQuotas maxArrayLength="2147483647"/>
          <security mode="Transport">
            <transport clientCredentialType="None" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    Note: Change the security mode from "None" to "Transport" if needed. Add the <transport clientCredentialType="None" /> element if it is not already there.
    c. Under the services section, if the following mex endpoint line exists, change its binding from mexHttpBinding to mexHttpsBinding:

    <services>
      <service behaviorConfiguration="CA.Applications.OEMService.OEMImportBehavior" name="CA.Applications.OEMService.OEMService">
        <clear/>
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding_OEMService" name="BasicHttpBinding_OEMService" contract="CA.Applications.OEMService.IOEMService" listenUriMode="Explicit"/>
        <endpoint address="mex" binding="mexHttpsBinding" name="Mex" contract="IMetadataExchange" listenUriMode="Explicit"/>
      </service>
    </services>
    d. Save the changes.
    Part 2 - Configure APM 12.9 to work with SSL:
    1. Follow the APM Implementation guide - section titled 'Secure Network Communication Configuration'
    2. Make the following changes in the web.config file of the Import Service on the CA APM server.
    a. In the serviceBehaviors section, set httpsGetEnabled="true" in place of httpGetEnabled="true", as shown below:
    <serviceBehaviors>
        <behavior name="CA.Applications.OEMService.OEMImportBehavior">
         <serviceMetadata httpsGetEnabled="true" />
         <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
    </serviceBehaviors>
    b. Update the bindings section as shown below:
    <bindings>
      <basicHttpBinding>
        <binding name="httpBinding_ImportService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" transferMode="Streamed">
          <readerQuotas maxArrayLength="2147483647"/>
          <security mode="Transport">
            <transport clientCredentialType="None" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    Note: Change the security mode from "None" to "Transport" if needed.
    Add the <transport clientCredentialType="None" /> element shown above if it is not already there.
    c. Under the services section, if the following mex endpoint line exists, change its binding from mexHttpBinding to mexHttpsBinding.
    Example:
    <services>
      <service behaviorConfiguration="CA.Applications.OEMService.OEMImportBehavior" name="CA.Applications.OEMService.OEMService">
        <clear/>
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding_OEMService" name="BasicHttpBinding_OEMService" contract="CA.Applications.OEMService.IOEMService" listenUriMode="Explicit"/>
        <endpoint address="mex" binding="mexHttpsBinding" name="Mex" contract="IMetadataExchange" listenUriMode="Explicit"/>
      </service>
    </services>
    d. Save the changes.
    3. Make the following change in the ImportDriver.exe.config file of the Import Driver service on the CA APM server:
    Change the key from <security mode="None"> to <security mode="Transport"> and save the changes.
    4. Make the following changes in the web.config file of the WCF Service on the CA APM server:
    Change the two keys from <security mode="None"> to <security mode="Transport"> and save the changes (one under basicHttpBinding and another under wsHttpBinding).
    5. Make the following change in the ImportProcessor.exe.config file of the Import Processor on the CA APM server:
    FROM:
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_ImportService"/>
          </basicHttpBinding>
        </bindings>
    TO:
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_ImportService">
              <security mode="Transport">
                <transport proxyCredentialType="None" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
    NOTE: Make sure the ImportService URL in this file uses HTTPS and the correct port number.
    6. Update the CA SAM URLs in APM > Administration > Software Asset Management to reflect the protocol and port number configured for SSL.
    NOTE: If all components are installed on the same server, avoid using 'localhost' in the URLs; use the web server's host name instead.
    7. Run IISRESET on the CA SAM and APM servers. The configuration is complete.

     

    Message was edited by: Debbie Kuhar The information originally posted has been updated with the complete information from TEC doc 1989668.
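
The per-file settings from Parts 1 and 2 (security mode, HTTPS metadata, mex binding, HTTPS client URL) can be checked before the IISRESET. The PowerShell below is an added example, not part of TEC1989668 or CA's tooling; the function name Test-WcfSslConfig and the sample's host, service path and contract name are assumptions, and the sample config is constructed.

```powershell
# Added example, not vendor code. Audits one WCF config file for the settings above.
function Test-WcfSslConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Each <binding> needs <security mode="Transport">. A basicHttpBinding with
    # no <security> element (the FROM state in step 5) defaults to mode None.
    foreach ($b in $Config.SelectNodes('//bindings/*/binding')) {
        $sec  = $b.SelectSingleNode('security')
        $mode = if ($null -ne $sec) { $sec.GetAttribute('mode') } else { 'absent' }
        if ($mode -ne 'Transport') {
            $findings.Add("binding '$($b.GetAttribute('name'))' under $($b.ParentNode.LocalName): security mode '$mode'")
        }
    }
    # Metadata must be published over HTTPS GET instead of HTTP GET.
    foreach ($m in $Config.SelectNodes('//serviceBehaviors/behavior/serviceMetadata')) {
        if ($m.GetAttribute('httpsGetEnabled') -ne 'true' -or $m.GetAttribute('httpGetEnabled') -eq 'true') {
            $findings.Add("behavior '$($m.ParentNode.GetAttribute('name'))': serviceMetadata is not HTTPS-only")
        }
    }
    # The metadata exchange endpoint must use mexHttpsBinding.
    foreach ($e in $Config.SelectNodes('//services/service/endpoint[@contract="IMetadataExchange"]')) {
        if ($e.GetAttribute('binding') -ne 'mexHttpsBinding') {
            $findings.Add("mex endpoint of '$($e.ParentNode.GetAttribute('name'))' uses $($e.GetAttribute('binding'))")
        }
    }
    # Client endpoint URLs (as in ImportProcessor.exe.config) must start with https://.
    foreach ($e in $Config.SelectNodes('//client/endpoint')) {
        if ($e.GetAttribute('address') -notmatch '^https://') {
            $findings.Add("client endpoint '$($e.GetAttribute('name'))': address is not https")
        }
    }
    $findings.ToArray()
}

# Constructed sample: step 5's FROM state plus a hypothetical host, path and contract.
$sample = [xml]@'
<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="BasicHttpBinding_ImportService"/>
  </basicHttpBinding></bindings>
  <client>
    <endpoint name="BasicHttpBinding_ImportService" contract="IImportService"
              address="http://apm-web.example.test/ImportService.svc"
              binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ImportService"/>
  </client>
</system.serviceModel></configuration>
'@
Test-WcfSslConfig -Config $sample
# Real file (placeholder path): Test-WcfSslConfig -Config ([xml](Get-Content -Raw 'C:\path\to\web.config'))
```

An empty result means the file matches the settings in this document; the check does not cover the IIS site binding or the URLs entered in APM > Administration.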