ServiceDesk

 View Only
Back to Library

Enable SSL in ServiceDesk 7.1 After Post Install Wizard Finishes 

Jul 06, 2011 02:30 PM

Problem: During the install of ServiceDesk 7.1, the SSL option was not selected and you now want to enable SSL.

This document does not discuss securing the communication between ServiceDesk and an off box SQL server or between ServiceDesk and the Symantec Management Platform (SMP) Configuration Management Database (CMDB).

Prerequisite: SSL certificate must already be installed and configured in IIS.

The areas where changes are required include:

Properties.config

Process Manager: Application Properties

Task Tray: Local Machine Info

Database (only if there are existing Tasks)

Properties.config

In each project in ServiceDesk, there is a properties.config file that contains the BaseURLToProject. On the ServiceDesk server, navigate to the installation directory and search for properties.config.  On my install, the location was C:\Program Files\Symantec\Workflow\WorkflowDeploy\Release.  There were about 53 files that I had to edit.  The only section you need to change is the PropertyValue of the BaseURLToProject in each properties.config.  The section you should look for is similar to below. I’ve already made the change and highlighted it in red. 

  <ApplicationProperty>

        <PropertyName>BaseURLToProject</PropertyName>

<PropertyValue>https://sdcluster.eml.test/SD.CreateRoutingRules</PropertyValue>

    <EncryptInXml>false</EncryptInXml>

    </ApplicationProperty>

ProcessManager: Application Properties

The Application Properties in ServiceDesk have links that need to be updated to have “https” in them.  Here is a list of the links that I changed:

            General Settings Section

                        Processmanager URL

            Services Section

                        ChangeManagement URL

                        ServerFQDN

                        SelfServicePortalURL

                        MonitorMigratedIncidentsURL

                        KBManagementURL

                        CreateEmailURL

                        KBSearchURL

                        IncidentManagementURL

                        RoutingRulesURL

                        ProblemManagementURL

                        CreateChatTaskURL

                        InboundMailManagementURL

                        DataServicesURL

                        AssetViewURL

Server Settings

Open the Settings for the Local Machine from the Task Tray Icon:

Click the Edit button to edit the Server Settings.


Change the Deployment Root URL to https and select the Use HTTPS check box. The Port Number automatically updated when I checked the checkbox.

Click OK.

Scroll down and edit the Integrated Authentication URL to use https.

Database

If you have existing tasks in your database, the Task and TaskResponse tables have saved URLs that will not work.  They are saved with http in the URL and will need to be updated to https.  Here are three stored procedures that I used to update all of the records in these two tables.  The TaskReponse table had 122,000 records that took 17 minutes to update.

This stored procedure will update the URL in the TaskReponse table:

 DECLARE @mycur CURSOR

DECLARE @ID VARCHAR(1024)


SET @mycur = CURSOR

FOR

SELECT TaskResponseID FROM [DBNAME].[dbo].[TaskResponse]


OPEN @mycur


FETCH NEXT FROM @mycur INTO @ID


WHILE @@FETCH_STATUS = 0

BEGIN


UPDATE [DBNAME].[dbo].[TaskResponse]

SET URL=(SELECT Replace((Select URL from [DBNAME].[dbo].[TaskResponse]

WHERE TaskResponseID = @ID), 'http', 'https'))

WHERE TaskResponseID = @ID


FETCH NEXT FROM @mycur INTO @ID

END


DEALLOCATE @mycur

 

This stored procedure will update the UrlOfProcess field in the Task table:

 DECLARE @mycur CURSOR

DECLARE @ID VARCHAR(1024)


SET @mycur = CURSOR

FOR

SELECT TaskID FROM [DBNAME].[dbo].[Task]


OPEN @mycur


FETCH NEXT FROM @mycur INTO @ID


WHILE @@FETCH_STATUS = 0

BEGIN


UPDATE [DBNAME].[dbo].[Task]

SET UrlOfProcess=(SELECT Replace((Select UrlOfProcess from [DBNAME].[dbo].[Task]

WHERE TaskID = @ID), 'http', 'https'))

WHERE TaskID = @ID


FETCH NEXT FROM @mycur INTO @ID

END


DEALLOCATE @mycur

 

This stored procedure will update the UrlOfResponseService field in the Task table:

 DECLARE @mycur CURSOR

DECLARE @ID VARCHAR(1024)


SET @mycur = CURSOR

FOR

SELECT TaskID FROM [DBNAME].[dbo].[Task]


OPEN @mycur


FETCH NEXT FROM @mycur INTO @ID


WHILE @@FETCH_STATUS = 0

BEGIN


UPDATE [DBNAME].[dbo].[Task]

SET UrlOfResponseService =(SELECT Replace((Select UrlOfResponseService from [DBNAME].[dbo].[Task]

WHERE TaskID = @ID), 'http', 'https'))

WHERE TaskID = @ID


FETCH NEXT FROM @mycur INTO @ID

END


DEALLOCATE @mycur

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

africo
Jun 12, 2014 06:16 PM

To add to this - I had to also make a change to the Base URL To Process Manager in Admin - Portal - Master Settings - Notifications - Base URL To Process Manager.

This process, in my case, didn't work until this change was made and saved.

Migration User
Feb 27, 2012 07:35 PM

You can use the attached vbscript to change all the properties config files with one swoop!  Use at your own risk.  I simply saved to the Desktop on the servicedesk server and ran from there.  Tested on SD 7.1 SP2

Migration User
Jan 05, 2012 04:43 PM

Hi!

Thanks for the help and fast reply.

We'll keep the same hostname ...something like "Sdeskserver01.company.local'  .....but users will access this server from the internet using "https://servicedesk.mycompany.com", in this case we wouldn't change the hostname but just create a DNS alias in a way users can find this server using it's "friendly" name....

Let me know if something still unclear

 

Regards, 

 

 

 

 

Migration User
Jan 05, 2012 02:33 PM

It seems your question is more about can I change my hostname but it is related because you are implementing SSL and need to change the hostname because of your certificate.  Is that correct?

Migration User
Jan 05, 2012 01:32 PM

 

Very useful info yahoogle, I have some questions you might help me out:

We've bought a certificate to access SD with SSL from outside our company....the certificate was requested with the FQDN used to access the system from the external world (sd.mycompany.com) internal clients can resolve this name too if needed.....the question is if we also need to change the server FQDN in all the fields described in the article, or just change these URL's from "http" to "https"

As a test I've just installed the certificate on IIS, created the 443 port biding and could access the process manager portal using https...Reading your article i have the impression I would have problems in the future :]

Thank you!

 

 

Related Entries and Links

No Related Resource entered.