IMPORTANT: Before you begin please note that APM 12.9.02 (RO71737) is a pre-req.
Part 1 - Configure CA SAM to work with SSL:
1. Configure the web site on the web server where CA SAM is installed.
2. You will need to make the below mentioned changes in web.config file of SAMImportExport service on the CA SAM server.
a. Update the serviceBehaviors section to change it to httpsGetEnabled = True instead of httpGetEnabled = True like below
<serviceBehaviors>
<behavior name="CA.Applications.OEMService.OEMImportBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
b. Update the bindings section as shown below:
<bindings>
<basicHttpBinding>
<binding name="httpBinding_OEMService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" transferMode="Streamed">
<readerQuotas maxArrayLength="2147483647"/>
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
Note: Change the Security mode to "Transport" from "None" if needed. Add the <transport clientCredentialType="None" /> if not already there.
c. Under the services section, if the following line exists, change <mexHttpBinding> to <mexHttpsbinding>:
<services>
<service behaviorConfiguration="CA.Applications.OEMService.OEMImportBehavior" name="CA.Applications.OEMService.OEMService">
<clear/>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding_OEMService" name="BasicHttpBinding_OEMService"contract="CA.Applications.OEMService.IOEMService" listenUriMode="Explicit"/>
<endpoint address="mex" binding="mexHttpsBinding" name="Mex" contract="IMetadataExchange" listenUriMode="Explicit"/>
</service>
</services>
d. Save the changes.
Part 2 - Configure APM 12.9 to work with SSL:
1. Follow the APM Implementation guide - section titled 'Secure Network Communication Configuration'
2. You will need to make the below mentioned changes in web.config file of Import Service on the CA APM server.
a. Update the serviceBehaviors section to change it to httpsGetEnabled = True instead of httpGetEnabled = True like below
<serviceBehaviors>
<behavior name="CA.Applications.OEMService.OEMImportBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
b. Update the bindings section as shown below:
<bindings>
<basicHttpBinding>
<binding name="httpBinding_ImportService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" transferMode="Streamed">
<readerQuotas maxArrayLength="2147483647"/>
<security mode="Transport" >
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
Note: Change the Security mode to "Transport" from "None" if needed.
Add the <transport clientCredentialType="Transport" /> if not already there.
c. Under the services section, if the following line exists, change <mexHttpBinding> to <mexHttpsbinding>
Example:
<services>
<service behaviorConfiguration="CA.Applications.OEMService.OEMImportBehavior" name="CA.Applications.OEMService.OEMService">
<clear/>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding_OEMService" name="BasicHttpBinding_OEMService"contract="CA.Applications.OEMService.IOEMService" listenUriMode="Explicit"/>
<endpoint address="mex" binding="mexHttpsBinding" name="Mex" contract="IMetadataExchange" listenUriMode="Explicit"/>
</service>
</services>
d. Save the changes.
3. You will need to make the below mentioned changes in ImportDriver.exe.config file of Import Driver service on the CA APM server:
Change key from <security mode=”None”> to <security mode=”Transport”> and save the changes.
4. Make the below mentioned changes in web.config file of WCF Service on the CA APM server:
Change the two keys from <security mode=”None”> to <security mode=”Transport”> and save the changes (one under basicHttpBinding and another under wsHttpBinding).
5. Make the below mentioned changes in ImportProcessor.exe.config file of Import Processor on the CA APM server:
FROM:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ImportService"/>
</basicHttpBinding>
</bindings>
TO:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ImportService">
<security mode="Transport">
<transport proxyCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
NOTE: make sure the URL for ImportService is correct with HTTPS and port number in this file.
6. Update the CA SAM URLs in APM > Administration > Software Asset Management to reflect the protocol and port number configured for SSL.
NOTE: if all components are installed on the same server avoid using 'localhost' on the URLs, use the web server's host name instead.
7. Do an IISRESET on the CA SAM and APM servers. The configuration is complete