CA Service Management

  • 1.  Visualizer configuration using pfx certificate

    Posted Feb 10, 2016 11:08 AM

    Hi Experts,

     

    Has anyone tried to configure Visualizer using a pfx certificate?

     

    I am getting a failure after trying these steps.

     

    1. Export the certificate from IIS (exporting the pfx from IIS because IIS is already configured with SSL).

    2. Copy it to the desired directory on the server.

    3. Modify server.xml in Tomcat and in the Visualizer Tomcat as below, and restart the services.

     

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="E:/Wilcard Cert.pfx" keystorePass="***" keystoreType="PKCS12"
               clientAuth="false" sslProtocol="TLS" />

     

     

    Please help.



  • 2.  Re: Visualizer configuration using pfx certificate

    Broadcom Employee
    Posted Feb 10, 2016 11:47 AM

    What is the behavior you see with this configuration?

     

    Does Tomcat start at all (pdm_tomcat_viz.log)? Look for the 8443 connector starting properly there in the log.

     

    Or Tomcat starts fine, but you get a blank page because the browser is denying some of the vulnerable ciphers? You may need to code specific ciphers similar to regular SDM Tomcat - http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1197111.aspx

     

    _R



  • 3.  Re: Visualizer configuration using pfx certificate

    Posted Feb 10, 2016 10:29 PM

    Hi Raghu,

     

    I am getting the below error when accessing using Firefox. Tomcat is starting as expected and I am able to access Visualizer using a non-SSL connection.

    -------------------------------------------------------------------------------------------------------------

    Connection.Secure Connection Failed

    An error occurred during a connection to devesmsapp01:8443. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

        The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

        Please contact the website owners to inform them of this problem.

     

    --------------------------------------------------------------------------------------

     

    Visualizer log

     

    ------------------------------------------------------------------------------------------------------------------------------------------------

    11/02/2016 11:19:39 AM org.apache.catalina.core.AprLifecycleListener init

    INFO: Loaded APR based Apache Tomcat Native library 1.1.22.

    11/02/2016 11:19:39 AM org.apache.catalina.core.AprLifecycleListener init

    INFO: APR capabilities: IPv6 [false], sendfile [true], accept filters [false], random [true].

    11/02/2016 11:19:39 AM org.apache.catalina.startup.SetAllPropertiesRule begin

    WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.

    11/02/2016 11:19:41 AM org.apache.coyote.AbstractProtocol init

    INFO: Initializing ProtocolHandler ["http-apr-9080"]

    11/02/2016 11:19:41 AM org.apache.coyote.AbstractProtocol init

    INFO: Initializing ProtocolHandler ["http-apr-8443"]

    11/02/2016 11:19:41 AM org.apache.catalina.startup.Catalina load

    INFO: Initialization processed in 1631 ms

    11/02/2016 11:19:41 AM org.apache.catalina.core.StandardService startInternal

    INFO: Starting service Catalina

    11/02/2016 11:19:41 AM org.apache.catalina.core.StandardEngine startInternal

    INFO: Starting Servlet Engine: Apache Tomcat/7.0.23

    11/02/2016 11:19:42 AM org.apache.catalina.startup.HostConfig deployDirectory

    INFO: Deploying web application directory E:\Program Files (x86)\CA\Service Desk Manager\bopcfg\www\CATALINA_BASE_VIZ\webapps\CMDBVisualizer

    11/02/2016 11:19:42 AM org.apache.catalina.loader.WebappClassLoader validateJarFile

    INFO: validateJarFile(E:\PROGRA~1\CA\SERVIC~1\bopcfg\www\CATALINA_BASE_VIZ\webapps\CMDBVisualizer\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class

    - Visualizer Application Listener - context initialized ...

    11/02/2016 11:19:44 AM org.apache.catalina.util.SessionIdGenerator createSecureRandom

    INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [2,093] milliseconds.

    - Created SLUMP on DEVESMSAPP01 at port 2100

    - Created standard port 2100 for DEVESMSAPP01 with id 1455160786443

    - logonHeader proc(viz_slump_DEVESMSAPP01) pid(1876116271) logonTime(1455160789)

    - Got 41434b20 on port 60200 with id 1455160786443

    - NX_SLUMP_HEARTBEAT_TIMEOUT set to 900 seconds

    - SLUMP Log on is successful

    - Preparing fast channel to domsrvr...

    - Got 46434841 on port 60200 with id 1455160786443

    - Created fastchannel port 60372 for null with id 1455160790646 between -1062729066.viz_slump_DEVESMSAPP01 and 10521.domsrvr

    - Successfully established fast channel with DOMSrvr

    - Slump log on is successful

    l_fullpath :E:\PROGRA~1\CA\SERVIC~1\bopcfg\www\CATALINA_BASE_VIZ\webapps\CMDBVisualizer\WEB-INF/classes/cmdbvisualizerlogging.properties

    >>>>>>>>> Before Fetching Global Cache >>>>>>>>

    >>>>>>>>> After Fetching Global Cache  >>>>>>>>

    11/02/2016 11:19:59 AM org.apache.coyote.AbstractProtocol start

    INFO: Starting ProtocolHandler ["http-apr-9080"]

    11/02/2016 11:19:59 AM org.apache.coyote.AbstractProtocol start

    INFO: Starting ProtocolHandler ["http-apr-8443"]

    11/02/2016 11:19:59 AM org.apache.catalina.startup.Catalina start

    INFO: Server startup in 18570 ms

    8:02 AM org.apache.catalina.core.StandardServer await

    INFO: A valid shutdown command was received via the shutdown port. Stopping the Server instance.

    11/02/2016 11:18:02 AM org.apache.coyote.AbstractProtocol pause

    INFO: Pausing ProtocolHandler ["http-apr-9080"]

    11/02/2016 11:18:03 AM org.apache.coyote.AbstractProtocol pause

    INFO: Pausing ProtocolHandler ["http-apr-8443"]

    11/02/2016 11:18:03 AM org.apache.catalina.core.StandardService stopInternal

    INFO: Stopping service Catalina

    11/02/2016 11:18:03 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads

    SEVERE: The web application [/CMDBVisualizer] appears to have started a thread named [Thread-5] but has failed to stop it. This is very likely to create a memory leak.

    11/02/2016 11:18:03 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads

    SEVERE: The web application [/CMDBVisualizer] appears to have started a thread named [TCP_port-Write:domsrvr] but has failed to stop it. This is very likely to create a memory leak.

    11/02/2016 11:18:03 AM org.apache.coyote.AbstractProtocol stop

    INFO: Stopping ProtocolHandler ["http-apr-9080"]

    11/02/2016 11:18:03 AM org.apache.coyote.AbstractProtocol stop

    INFO: Stopping ProtocolHandler ["http-apr-8443"]

    11/02/2016 11:18:03 AM org.apache.coyote.AbstractProtocol destroy

    INFO: Destroying ProtocolHandler ["http-apr-9080"]

    11/02/2016 11:18:03 AM org.apache.coyote.AbstractProtocol destroy

    INFO: Destroying ProtocolHandler ["http-apr-8443"]

    ["http-apr-9080"]



  • 4.  Re: Visualizer configuration using pfx certificate

    Broadcom Employee
    Posted Feb 11, 2016 07:18 AM

    That error gives some clues.

     

    You are missing SSLEnabled="true" in your server.xml entry that you posted above.

     

    Check out the example in the techdoc I provided in my previous post - http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1197111.aspx

     

    _R

     



  • 5.  Re: Visualizer configuration using pfx certificate

    Broadcom Employee
    Posted Feb 10, 2016 01:38 PM

    Are you able to launch the Visualizer URL?

    Is SD Tomcat configured on SSL?



  • 6.  Re: Visualizer configuration using pfx certificate

    Posted Feb 10, 2016 10:30 PM

    Hi Anil,

     

    I am able to launch Visualizer on port 9080 but not using SSL. I have made changes in the file server.xml in path E:\Program Files (x86)\CA\SC\tomcat\7.0.23\conf and in path "E:\Program Files (x86)\CA\Service Desk Manager\bopcfg\www\CATALINA_BASE_VIZ\conf"



  • 7.  Re: Visualizer configuration using pfx certificate
    Best Answer

    Posted Feb 11, 2016 10:29 PM

    Finally I am able to fix it after changing to protocol="org.apache.coyote.http11.Http11NioProtocol" from protocol="HTTP/1.1".

     

    Thank you for the help.

     

    My server.xml file

    ---------------------------------------------------------------------------------------------------------------------------------

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="E:/Wilcard Cert Empired.com.pfx" keystorePass="c13280b05c" keystoreType="PKCS12" />

    -------------------------------------------------------------------------------------------------------------------------------------
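
An added example, not part of the original thread or of CA's tooling: a Python check for the two connector problems this thread surfaced, a scheme="https" connector without SSLEnabled="true" (the port then answers in plain HTTP, which Firefox reports as ssl_error_rx_record_too_long), and JSSE keystore attributes on a connector that Tomcat 7 resolves to APR, as the "http-apr-8443" lines in the posted log show. The function name, the apr_loaded flag and the sample server.xml snippets are constructed for the example.

```python
import xml.etree.ElementTree as ET

# JSSE-only attributes; the APR connector uses OpenSSL-style settings instead.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType"}
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# With these values Tomcat 7 selects APR when the native library is loaded.
AUTO_PROTOCOLS = {None, "HTTP/1.1"}


def lint_connectors(server_xml, apr_loaded):
    """Return {port: [findings]} for each <Connector> declaring scheme="https"."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        issues = []
        if conn.get("SSLEnabled", "false").lower() != "true":
            issues.append("SSLEnabled is not true: port serves plain HTTP")
        proto = conn.get("protocol")
        uses_apr = proto == APR_PROTOCOL or (proto in AUTO_PROTOCOLS and apr_loaded)
        if uses_apr and JSSE_ATTRS & set(conn.attrib):
            issues.append("APR connector ignores JSSE keystore attributes")
        findings[conn.get("port")] = issues
    return findings


# Constructed samples modelled on the connectors posted in this thread
# (keystore path and password are placeholders).
BEFORE = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="E:/example.pfx" keystorePass="PLACEHOLDER"
             keystoreType="PKCS12" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

AFTER = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="E:/example.pfx" keystorePass="PLACEHOLDER"
             keystoreType="PKCS12" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_connectors(xml_text, apr_loaded=True))
```

Set apr_loaded to True when the Tomcat log contains the "Loaded APR based Apache Tomcat Native library" line, as the log posted above does.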