Planning › CA Process Automation Integration Planning › How to Set Up SSL Communications with CA Process Automation › How to Enable Communications When CA Process Automation is SSL Enabled

How to Enable Communications When CA Process Automation is SSL Enabled

When CA Process Automation communicates with SSL, you must configure the CA SDM servers to communicate with CA Process Automation.

To enable communications when CA Process Automation is SSL enabled, do the following:

1. Verify that you can use CA Process Automation in a browser, without launching CA SDM. Record the CA Process Automation URL and use it for reference when you configure the CA Process Automation Workflow options in Options Manager.
2. Log in to CA SDM and install or modify the CA Process Automation Workflow options in Options Manager. For each of the following options, use the syntax https://server:8443 instead of http://server:8080 for reaching the SSL enabled CA Process Automation application. However, if the CA Process Automation installation uses another port instead of the 8443 SSL port, specify the appropriate port number.
   • caextwf_endpoint
   • caextwf_processdisplay_url
   • caextwf_worklist_url

   Note: If the values do not match the actual CA Process Automation installation values, CA SDM cannot communicate with CA Process Automation and a runtime error occurs. Verify that the values match the actual CA Process Automation installation values because the CA Process Automation installer might have selected a different port instead of port 8443.

3. On the CA Process Automation server, locate the KEYSTOREID and itpam.web.keystorealias entries in the following file:

   C:\Progra~1\ITPAM\server\c2o\.config\OasisConfig.properties
   

4. Copy the KEYSTOREID. Be prepared to paste the KEYSTOREID value as the password after you issue the keytool command.
5. On the CA Process Automation server, issue the following keytool command as one line on the command line:

   C:\Progra~1\ca\sc\jre\1.6.0_00\bin\keytool.exe -keystore C:\Progra~1\ITPAM\server\c2o\.config\c2okeystore -export -alias <keystorealias> -file itpam.cer
   

   The keytool utility prompts you for a password.

6. Paste or type the KEYSTOREID value as the password.

   The keytool utility uses the final parameter (-file itpam.cer) to create a file named itpam.cer. The itapm.cer file contains the necessary certificate information for communications with CA SDM.

7. Move the itpam.cer file to one of the following locations on the CA SDM server:
   • (Windows) %NX_ROOT%\bin
   • (UNIX) $NX_ROOT/bin
8. Import the CA Process Automation certificate information into CA SDM by entering the following command:

   (Windows) pdm_perl %NX_ROOT%\bin\pdm_keystore_mgr.pl -import %NX_ROOT%\bin\itpam.cer
   (UNIX) pdm_perl $NX_ROOT/bin/pdm_keystore_mgr.pl -import $NX_ROOT/bin itpam.cer
   

   The pdm_keystore_mgr.pl script generates the keystore file in the following locations:

   • (Windows) %NX_ROOT%\pdmconf\nx.keystore
   • (UNIX) $NX_ROOT/pdmconf/nx.keystore
9. The nx.keystore must be delivered to the following CA SDM servers, depending on the CA SDM configuration:
   • Conventional:Secondary server.
   • Advanced Availability: Application and standby server.

   Open the server_secondary.ver file from one of the following locations:

   • (Windows) %NX_ROOT%\site\server_secondary.ver
   • (UNIX) $NX_ROOT/site/server_secondary.ver
10. Modify the server_secondary.ver for version control by adding the following information:

    [SSL_Keystore]
    filename = "nx.keystore"
    directory = "$NX_ROOT/pdmconf"
    component_type = "file"
    O_mode = "RW"
    g_mode = "RW"
    w_mode = "RW"
    file_ctl
    

    Note: For information about managing version control, see the Administration Guide.

11. Restart CA SDM.

    The CA SDM server can communicate with the SSL enabled CA Process Automation application.

Note: For information about configuring CA Process Automation Workflow options, see the Online Help.