
Connect to CA SDM when CA Portal Uses SSL

When CA Portal is configured to use SSL, the CA SDM Java Virtual Machine must trust the certificate that CA Portal presents. You do this by exporting the CA Portal server certificate and importing it into the trusted certificate store (cacerts) of the JRE that CA SDM uses; until then, the SSL handshake between CA SDM and CA Portal fails.

To connect to CA SDM when CA Portal uses SSL

  1. Verify that CA Portal is configured and works with SSL.

    Note: For information about the verification process, see your CA Portal documentation.

  2. Export the certificate from the computer on which CA Portal is installed by following these steps:
    1. Locate the server.xml file at the following location:
      PORTAL_Install_Dir\jakarta-tomcat-4.1.29\conf
      
    2. Note the keystore location (keystoreFile) and password (keystorePass) of the SSL connector, as shown in the following lines from server.xml. The default password is changeit (all lower case). If you used a custom password when you created the certificate during the portal setup, use that custom password instead; for information, see your CA Portal documentation. Because the password is stored in clear text in server.xml, restrict read access to that file. In the following steps and examples, changeit is the default password used:
      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
      <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
         port="8443" minProcessors="5" maxProcessors="150"
            enableLookups="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
            useURIValidationHack="false" disableUploadTimeout="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
            keystoreFile="c:\Program Files\CA\SC\Unicenter Management Portal\UMPkeystore"
            keystorePass="changeit"
            clientAuth="false" protocol="TLS" />
          </Connector>
      
    3. Navigate to the JRE bin directory (PORTAL_Install_Dir\jre\bin) on the portal server computer to access the keytool utility that you use to export the Portal server certificate to a file.
    4. Export the certificate with the following keytool command. Enter the keystore password at the prompt rather than on the command line, so that it is not recorded in the command history:
      keytool -export -alias tomcat -file umpserver.cer -keystore "c:\Program Files\CA\SC\Unicenter Management Portal\UMPkeystore"
      

      Enter keystore password: changeit

      Certificate stored in file <umpserver.cer>

      Note: When prompted for the password, use the keystorePass value noted in step 2b (changeit in the previous example). The keystore location is also the keystoreFile value from step 2b. The exported file contains only the public certificate, not the private key, so it can be copied to the CA SDM computer freely.

  3. Import the exported certificate on the computer containing the CA SDM installation by using the keytool utility, as follows:
    1. On the CA SDM computer, navigate to the JRE\bin directory, typically at the following location:
      C:\Program Files\CA\SC\JRE\bin
      
    2. Import the certificate into the trusted certificate store (cacerts) used by the CA SDM Java Virtual Machine. A certificate added to cacerts is trusted by every Java application that uses that JRE, so import only the certificate you exported in step 2.

      The following is an example of an import. In this example, the location of the cacerts trust store is:

      C:\Program Files\CA\SC\JRE\1.4.2_06\lib\security\cacerts
      

      When prompted for a password, enter changeit. Before you answer the "Trust this certificate?" prompt, compare the fingerprints that keytool displays with those of the exported certificate (for example, run keytool -printcert -file umpserver.cer on the Portal computer); answer yes only if they match. Also check the validity period: the self-signed certificate in the following example is valid for 90 days (the keytool default), and the connection stops working when it expires, so regenerate the certificate and repeat this procedure before that date.

      keytool -import -alias tomcat -trustcacerts -file umpserver.cer -keystore "C:\Program Files\CA\SC\JRE\1.4.2_06\lib\security\cacerts"
      Enter keystore password:  changeit
      Owner: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
      Issuer: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
      Serial number: 43ecb469
      Valid from: Fri Feb 10 10:42:33 EST 2006 until: Thu May 11 11:42:33 EDT 2006
      Certificate fingerprints:
               MD5:  A1:AF:AE:92:39:2E:53:D5:1C:6D:FE:44:68:61:DD:5C
               SHA1: 66:3A:BC:77:32:81:60:89:70:B9:EF:FB:74:3D:93:74:CD:8E:E2:D2
      Trust this certificate? [no]:  yes
      Certificate was added to keystore
      

      Note: The password prompted for here is the password of the JRE cacerts trust store, not the Portal keystore password from step 2b. The default cacerts password is changeit; if it has been changed on the CA SDM computer, use that password instead.

  4. Edit the file $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\xml\portal-xml-api.xml by completing the following steps:
    1. Replace http in the following line:
      <!DOCTYPE PORTAL SYSTEM "http://127.0.0.1:8080/servlet/media/xml/api/request.dtd">
      

      With https:

      <!DOCTYPE PORTAL SYSTEM "https://127.0.0.1:8080/servlet/media/xml/api/request.dtd">
      
      Note: The host and port in this URL must be those of the Portal SSL connector (port 8443 in the server.xml example in step 2b), and the host name must match the subject of the Portal certificate, as described in step 4c. An https URL that points at the non-SSL port, or at a host name that the certificate does not contain, does not connect.

    2. Save the file.
    3. If Portal_Safe_List has been installed, make sure that you change the port number to 8443 and the computer name to include the domain name (for example, computername.ca.com:8443).

      Important! Include the domain name in the computer name, because the portal certificate contains the domain name. For more information, see your CA Portal documentation.

  5. Restart (recycle) the CA SDM server so that the JVM reloads the cacerts trust store and the edited portal-xml-api.xml.
  6. From CA Portal, connect to the CA SDM Portlet using the following URL:
    http://hostname:portnumber/CAisd/PortalServlet?USERNAME=$USER.username$&PORTALSESSION=$SESSION$&PORTALINSTALL=servername:8443
    

    Note: Substitute servername in the URL with the name of the web server on which CA Portal resides. The server name in this URL must include the domain name, for example, servername.ca.com:8443, because the Portal certificate is issued to that name. Substitute hostname:portnumber in the URL with the name and port of the web server on which CA SDM resides.
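The following Python script is an added example for the procedure above; it is not part of the CA documentation or of the CA products. It reads the keystore location and password from a server.xml (the constructed sample mirrors the Tomcat 4.1 connector shown in step 2b), builds the keytool export and import command lines from those values instead of retyping them, and performs the checks a practitioner should make before answering "yes" at the "Trust this certificate?" prompt: that the SHA1 fingerprint matches the one printed for the exported umpserver.cer, that the certificate CN is the Portal host name used in the URLs, and that the certificate is within its validity period. The sample keytool printout is constructed from the transcript in step 3b; the expected fingerprint would come from keytool -printcert on the Portal computer.

```python
"""Pre-import checks for trusting a CA Portal certificate in the CA SDM JRE.

Added example, not CA product code. All sample data below is constructed.
"""
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed server.xml, modelled on the Tomcat 4.1 SSL connector in step 2b.
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
        port="8443" minProcessors="5" maxProcessors="150" enableLookups="true"
        acceptCount="100" debug="0" scheme="https" secure="true"
        useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
          keystoreFile="c:\Program Files\CA\SC\Unicenter Management Portal\UMPkeystore"
          keystorePass="changeit" clientAuth="false" protocol="TLS" />
    </Connector>
  </Service>
</Server>
"""

# Constructed keytool -import printout, copied from the transcript in step 3b.
SAMPLE_PRINTOUT = """Owner: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
Issuer: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
Serial number: 43ecb469
Valid from: Fri Feb 10 10:42:33 EST 2006 until: Thu May 11 11:42:33 EDT 2006
Certificate fingerprints:
         MD5:  A1:AF:AE:92:39:2E:53:D5:1C:6D:FE:44:68:61:DD:5C
         SHA1: 66:3A:BC:77:32:81:60:89:70:B9:EF:FB:74:3D:93:74:CD:8E:E2:D2
"""


def ssl_keystore(server_xml: str) -> dict:
    """Return port, keystoreFile and keystorePass of the first secure connector."""
    root = ET.fromstring(server_xml)          # XML comments are dropped by the parser
    for conn in root.iter("Connector"):
        if conn.get("secure") != "true":
            continue
        factory = conn.find("Factory")
        if factory is None or not factory.get("keystoreFile"):
            continue
        return {
            "port": int(conn.get("port")),
            "keystoreFile": factory.get("keystoreFile"),
            "keystorePass": factory.get("keystorePass", "changeit"),  # keytool default
        }
    raise ValueError("no SSL connector with a keystore in server.xml")


def keytool_commands(ks: dict, cacerts: str, cer: str = "umpserver.cer",
                     alias: str = "tomcat") -> tuple:
    """Build the export (Portal side) and import (SDM side) argument lists.

    The keystore passwords are deliberately NOT passed with -storepass: keytool
    prompts for them, which keeps them out of shell history and process listings.
    """
    export = ["keytool", "-export", "-alias", alias, "-file", cer,
              "-keystore", ks["keystoreFile"]]
    importc = ["keytool", "-import", "-alias", alias, "-trustcacerts",
               "-file", cer, "-keystore", cacerts]
    return export, importc


def _keytool_date(text: str) -> datetime:
    """Parse 'Fri Feb 10 10:42:33 EST 2006'; the zone token is dropped because
    strptime's %Z only knows UTC/GMT and the local zone name."""
    parts = text.split()
    del parts[4]
    return datetime.strptime(" ".join(parts), "%a %b %d %H:%M:%S %Y")


def parse_cert_printout(text: str) -> dict:
    """Extract CN, SHA1 fingerprint and validity window from keytool output."""
    owner = re.search(r"^Owner:\s*(.+)$", text, re.M).group(1)
    cn = re.search(r"CN=([^,]+)", owner).group(1).strip()
    sha1 = re.search(r"SHA1:\s*([0-9A-Fa-f:]+)", text).group(1)
    valid = re.search(r"^Valid from:\s*(.+?)\s+until:\s*(.+?)\s*$", text, re.M)
    return {"cn": cn, "sha1": sha1.upper(),
            "not_before": _keytool_date(valid.group(1)),
            "not_after": _keytool_date(valid.group(2))}


def should_trust(printout: str, expected_sha1: str, portal_host: str, now) -> tuple:
    """Decide whether to answer 'yes' to keytool's 'Trust this certificate?'.

    Returns (ok, problems). now may be a datetime or an ISO 8601 string.
    """
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    cert = parse_cert_printout(printout)
    problems = []
    if cert["sha1"] != expected_sha1.upper():
        problems.append("SHA1 fingerprint differs from the exported umpserver.cer")
    if cert["cn"].lower() != portal_host.lower():
        problems.append(f"CN {cert['cn']} is not the Portal host {portal_host}")
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append(f"certificate not valid at {now:%Y-%m-%d}; "
                        f"expires {cert['not_after']:%Y-%m-%d}")
    return (not problems, problems)


if __name__ == "__main__":
    ks = ssl_keystore(SAMPLE_SERVER_XML)
    export, importc = keytool_commands(
        ks, r"C:\Program Files\CA\SC\JRE\1.4.2_06\lib\security\cacerts")
    print("export:", " ".join(export))
    print("import:", " ".join(importc))
    fp = "66:3A:BC:77:32:81:60:89:70:B9:EF:FB:74:3D:93:74:CD:8E:E2:D2"
    print(should_trust(SAMPLE_PRINTOUT, fp, "ump001.ca.com", "2006-03-01"))
    print(should_trust(SAMPLE_PRINTOUT, fp, "ump001.ca.com", "2006-06-01"))
```

Run the script on the Portal side with the real server.xml to get the export command, and on the CA SDM side paste the "Owner ... SHA1" lines that keytool prints into should_trust with the fingerprint you recorded on the Portal computer; answer yes only when it returns (True, []). The second call in the main block shows the failure mode from step 3b: the 90-day self-signed certificate has expired, so the import must not be trusted and the certificate has to be regenerated first.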

More information:

Include Portlets