You can import the CA Portal Server Certificate so that a trusted connection can be made between CA SDM and CA Portal (when CA Portal is configured to use SSL).
To connect to CA SDM when Portal Uses SSL
Note: For information about the verification process, see your CA Portal documentation.
PORTAL_Install_Dir\jakarta-tomcat-4.1.29\conf.
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="150"
           enableLookups="true" acceptCount="100" debug="0"
           scheme="https" secure="true" useURIValidationHack="false"
           disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           keystoreFile="c:\Program Files\CA\SC\Unicenter Management Portal\UMPkeystore"
           keystorePass="changeit" clientAuth="false" protocol="TLS" />
</Connector>
keytool -export -alias tomcat -file umpserver.cer -keystore "c:\Program Files\CA\SC\Unicenter Management Portal\UMPkeystore"
Enter keystore password: changeit
Certificate stored in file <umpserver.cer>
Note: When prompted for the password, be sure to use the password obtained from step 2b. In the previous example, changeit is the password noted in step 2b. The keystore location is also obtained from step 2b.
C:\Program Files\CA\SC\JRE\bin.
The following is an example of an import. In this example, the location of the Certificate authority is:
C:\Program Files\CA\SC\JRE\1.4.2_06\lib\security\cacerts
When prompted for a password, enter “changeit”. When prompted to trust this certificate, enter Yes.
Keytool.exe -import -alias tomcat -trustcacerts -file umpserver.cer -keystore "C:\Program Files\CA\SC\JRE\1.4.2_06\lib\security\cacerts"
Enter keystore password: changeit
Owner: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
Issuer: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
Serial number: 43ecb469
Valid from: Fri Feb 10 10:42:33 EST 2006 until: Thu May 11 11:42:33 EDT 2006
Certificate fingerprints:
MD5: A1:AF:AE:92:39:2E:53:D5:1C:6D:FE:44:68:61:DD:5C
SHA1: 66:3A:BC:77:32:81:60:89:70:B9:EF:FB:74:3D:93:74:CD:8E:E2:D2
Trust this certificate? [no]: yes
Certificate was added to keystore
Note: When prompted for the password, use the password obtained from step 2b. In the previous example, changeit is the password noted in step 2b.
<!DOCTYPE PORTAL SYSTEM "http://127.0.0.1:8080/servlet/media/xml/api/request.dtd">
With https:
<!DOCTYPE PORTAL SYSTEM "https://127.0.0.1:8080/servlet/media/xml/api/request.dtd">
Important! Include the domain name in the computer name as the portal certificate contains the domain name. For more information, see your CA Portal documentation.
http://hostname:portnumber/CAisd/PortalServlet?USERNAME=$USER.username$&PORTALSESSION=$SESSION$&PORTALINSTALL=servername:8443
Note: Substitute servername in the URL with the name of the web server on which CA Portal resides. The server name in this URL should include the domain name, for example, servername.ca.com:8443. Substitute the hostname:portnumber in the URL with the name and port of the web server on which CA SDM resides.
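The import above trusts a self-signed certificate, and the PORTALINSTALL server name has to match the name in that certificate. The following added example (not part of the CA documentation) parses the text keytool prints before the "Trust this certificate?" prompt and checks it against the PORTALINSTALL value and a fingerprint obtained out of band. The function names and the out-of-band fingerprint source are assumptions; the sample text is the transcript shown on this page.

```python
import re
from datetime import datetime

# Added example: function names are illustrative, not part of keytool or CA SDM.
# Sample taken from the keytool transcript on this page.
SAMPLE = """\
Owner: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
Issuer: CN=ump001.ca.com, OU=unicenter, O=ca, L=islandia, ST=ny, C=us
Serial number: 43ecb469
Valid from: Fri Feb 10 10:42:33 EST 2006 until: Thu May 11 11:42:33 EDT 2006
Certificate fingerprints:
MD5: A1:AF:AE:92:39:2E:53:D5:1C:6D:FE:44:68:61:DD:5C
SHA1: 66:3A:BC:77:32:81:60:89:70:B9:EF:FB:74:3D:93:74:CD:8E:E2:D2
"""

def _date(s):
    # keytool prints e.g. "Thu May 11 11:42:33 EDT 2006"; strptime cannot parse
    # arbitrary zone abbreviations, so the zone is dropped (naive local time).
    p = s.split()
    return datetime.strptime(" ".join(p[:4] + p[5:]), "%a %b %d %H:%M:%S %Y")

def parse_keytool(text):
    """Extract the fields keytool shows before asking 'Trust this certificate?'."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    owner, issuer = grab(r"^\s*Owner:\s*(.+)$"), grab(r"^\s*Issuer:\s*(.+)$")
    cn = re.search(r"CN=([^,]+)", owner or "")
    valid = re.search(r"Valid from:\s*(.+?)\s+until:\s*(.+)$", text, re.M)
    return {
        "cn": cn.group(1).strip().lower() if cn else None,
        "self_signed": owner is not None and owner == issuer,
        "not_before": _date(valid.group(1)) if valid else None,
        "not_after": _date(valid.group(2)) if valid else None,
        "sha1": (grab(r"SHA1:\s*([0-9A-Fa-f:]+)") or "").replace(":", "").lower(),
    }

def check_before_trust(text, portal_install, expected_sha1, now):
    """Return a list of reasons NOT to answer 'yes'; empty list means all checks pass."""
    cert, problems = parse_keytool(text), []
    host = portal_install.rsplit(":", 1)[0].lower()   # "servername.domain:8443" -> host
    if cert["cn"] != host:
        problems.append(f"PORTALINSTALL host {host!r} != certificate CN {cert['cn']!r}")
    if cert["sha1"] != expected_sha1.replace(":", "").lower():
        problems.append("SHA1 fingerprint differs from the value obtained out of band")
    if not (cert["not_before"] and cert["not_before"] <= now <= cert["not_after"]):
        problems.append("certificate is outside its validity period")
    return problems
```

An empty result means the name, fingerprint and validity checks passed; the `self_signed` field from `parse_keytool` shows when Owner and Issuer are identical, in which case the fingerprint comparison is the only assurance of the certificate's origin.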
Copyright © 2012 CA. All rights reserved.