DX Operational Intelligence

Expand all | Collapse all

SSL Implementation in SOI 4.2 not working as expected

Jump to Best Answer
  • 1.  SSL Implementation in SOI 4.2 not working as expected

    Posted 11-21-2019 06:22 AM
    Hello Everyone,

    I am trying to implement SSL and i have .pfx file from the customer. In server.xml ( in SamUI\conf ) i am putting the path to the .pfx file in keystoreFile and .pfx file password to keystorePass. After doing force SSL connection for all interface access, i am still not able to access SOI on https.

    Is there any other step in the configuration which i have missed ?

    Any help would be much appreciated.


    Reagrds
    Mukul



  • 2.  RE: SSL Implementation in SOI 4.2 not working as expected

    Posted 11-25-2019 07:48 AM
    Hi Mukul,

    Have you checked this KB article?
    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=38641

    Thanks
    Brahma


  • 3.  RE: SSL Implementation in SOI 4.2 not working as expected

    Posted 11-25-2019 08:08 AM
    Hello Brahma,

    Yes, i checked the KB article and followed the process ( after pointing to Keystore file in SamUI\conf ) mentioned in : https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/service-operations-insight/4-2/installing/ssl-implementation/force-ssl-connection-for-all-interface-access.html

    I tried with different browser as well but didn't work. Is there any step missing in the process for .pfx ( keystorefile ) implementation ?


    Reagrds
    Mukul


  • 4.  RE: SSL Implementation in SOI 4.2 not working as expected
    Best Answer

    Posted 11-26-2019 04:41 AM
    Hi Mukul,

    You seem to be trying to use the .pfx file as keystore, however a .pfx file is a certificate archive that includes the entire certificate chain.
    What you should do is export the specific certificate from the .pfx file and import that into the existing ssa.jks, or, alternatively create a new keystore and import the certificate into there.
    See: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/service-operations-insight/4-2/installing/ssl-implementation/access-the-ca-soi-interfaces-through-an-ssl-connection.html

    Cheers!
    Vincent


  • 5.  RE: SSL Implementation in SOI 4.2 not working as expected

    Posted 12-02-2019 08:05 AM
    Hello Vincent,

    Thanks for your input. I exported the specific certificate and did the SSL import as mentioned in the link but i still couldn't access it via https. I also did the force SSL connection for UI Server but it gives me error. Please see the attached image from the IE Browser. I don't have complete rights for the IE settings. 

    Any help in this regard ?

    Thanks !


    Regards
    Mukul



  • 6.  RE: SSL Implementation in SOI 4.2 not working as expected

    Posted 12-03-2019 02:54 AM
    Hello Mukul, it appears you have to configure this at the Browser level. Please see the following information:

    https://knowledge.digicert.com/generalinformation/INFO3299.html

    Kind regards,
    Britta


  • 7.  RE: SSL Implementation in SOI 4.2 not working as expected

    Posted 12-03-2019 07:45 AM
    Hello Britta,

    Thanks for your mail. As i have limited rights in IE i made changes ( as mentioned in the ink ) in the Firefox browser but still can't access SOI via https . I also checked for other settings for the browser over internet for such issue but it seems that browser settings are configured correct now. This time i am getting below error on the browser : 

    Error getting in browser : Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

    Also, when i implement force SSL on UI Server and at some steps implementation says to run : registrydownloader.bat and registryloader.bat as per the documentation, in cmd it gives below message :


    Is this normal behavior and can be ignored ? I believe there is something missing from the server side or some issue while importing SSL and performing force SSL connection.

    I am following below process :
    1. I have .pfx file which Vincent already told me to export specific certificate.
    2. Convert exported .cer certificate to .crt certificate.( export of certificate from .pfx is by default as .cer ).
    3. I import certificate as per defined process in documentation.
    4. I force SSL connection for UI Server.

    Appreciate any help here. Thanks !


    Regards
    Mukul