How to Configure Data Sources to Connect to SSL URLs

There are two ways to configure the Unified Self-service data source to connect to the CA Service Desk Manager (CA SDM) or CA Service Catalog SSL URLs:
  • Import SSL Certificates
  • Update Custom Keystore References
Import SSL Certificates
If CA SDM and CA Service Catalog are SSL enabled, import and add the SSL certificates to the JRE keystore.
Follow these steps:
  1. Download the SSL certificate by accessing the CA SDM and CA Service Catalog URL.
  2. Save the certificates at any location.
  3. Set the JAVA_HOME and PATH environment variables.
    For example:
    JAVA_HOME="C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre"
    PATH=%JAVA_HOME%\bin;%PATH%
  4. Navigate to the OSOP\tomcat-7.0.40\jre\lib\security\ folder and create a backup of the cacerts file.
  5. Copy the downloaded certificates to the OSOP\tomcat-7.0.40\jre\lib\security folder.
    Note: Ensure that you copy all the required certificates.
  6. Import each certificate that you copied with a unique name by executing the following command:
    keytool -import -trustcacerts -alias <certificate_name> -file "\OSOP\tomcat-7.0.40\jre\lib\security\<certificate_name>.cer" -keystore "\OSOP\tomcat-7.0.40\jre\lib\security\cacerts" -storepass changeit
    Where, certificate_name is the alias that you provide for the certificate that you import. keytool refuses to import a certificate under an alias that already exists in the keystore, so each certificate needs its own alias.
    Note: For the cacerts file, the default password is changeit.
  7. Repeat step 6 for each certificate and replace the certificate_name for each certificate.
  8. Restart the USS Tomcat server.
  9. Repeat steps 3-8 for CA Service Catalog.
  10. Verify that you can now access the SSL enabled CA SDM or CA Service Catalog URLs from USS.
Update Custom Keystore References
Follow these steps:
  1. Download and save the keystore files for CA SDM and CA Service Catalog on the USS server.
    Note: Ensure that the keystore file is a JKS file instead of a PKCS file. For more information on how to convert the PKCS file to JKS, see Convert PKCS file to JKS.
  2. Navigate to the \OSOP\tomcat-7.0.40\bin\ folder and create a backup of the wrapper.conf file.
  3. Edit the original wrapper.conf file.
  4. Locate the following parameters with sequential numbers.
    For example, 
    wrapper.java.additional.25=-Dcatalina.home="\OSOP\tomcat-7.0.40"
    wrapper.java.additional.26=-Djava.io.tmpdir="\OSOP\tomcat-7.0.40\temp"
  5. Add parameters with the next sequence numbers.
    For example,
    wrapper.java.additional.27=-Djavax.net.ssl.trustStore="\OSOP\tomcat-7.0.40\jre\lib\security\<keystore_name>"
    wrapper.java.additional.28=-Djavax.net.ssl.trustStorePassword="Keystore_password"
    Where,
    -Djavax.net.ssl.trustStore is the JKS keystore file used for Tomcat in CA SDM and CA Service Catalog.
    -Djavax.net.ssl.trustStorePassword is the password for that keystore.
    You can import all the required keystore files for CA SDM and CA Service Catalog into a single keystore and then point USS to use that keystore.
  6. Restart the USS server.
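The following is an added example, not part of the CA documentation: a Python check of the wrapper.java.additional entries from steps 4 and 5 that reports skipped or reused sequence numbers, a leftover <keystore_name> placeholder, and the default changeit password. The function name audit_wrapper_conf and the sample content are constructed for illustration, and the contiguous-numbering requirement is an assumption about the service wrapper.

```python
import re

# Matches e.g. wrapper.java.additional.27=-Djavax.net.ssl.trustStore="..."
ENTRY = re.compile(r'^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$')

def audit_wrapper_conf(text):
    """Return (system_properties, findings) for wrapper.conf content."""
    seen, props, findings = [], {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)  # commented-out lines (#...) do not match
        if not m:
            continue
        index, arg = int(m.group(1)), m.group(2)
        if index in seen:
            findings.append(f"duplicate index {index}")
        seen.append(index)
        if arg.startswith("-D"):
            name, _, value = arg[2:].partition("=")
            props[name] = value.strip('"')
    # Assumption: the service wrapper expects contiguous numbering, so a
    # skipped number can leave the entries after it unread.
    ordered = sorted(set(seen))
    for prev, cur in zip(ordered, ordered[1:]):
        if cur != prev + 1:
            findings.append(f"gap in sequence between {prev} and {cur}")
    store = props.get("javax.net.ssl.trustStore")
    password = props.get("javax.net.ssl.trustStorePassword")
    if store is None:
        findings.append("javax.net.ssl.trustStore is not set")
    elif "<" in store:
        findings.append("trustStore still contains a <placeholder>")
    if store is not None and password is None:
        findings.append("javax.net.ssl.trustStorePassword is not set")
    if password == "changeit":
        findings.append("trustStorePassword is the default 'changeit'")
    return props, findings

# Constructed sample: index 27 skipped, 28 reused, placeholder and default password left in.
BROKEN = r"""
wrapper.java.additional.25=-Dcatalina.home="\OSOP\tomcat-7.0.40"
wrapper.java.additional.26=-Djava.io.tmpdir="\OSOP\tomcat-7.0.40\temp"
wrapper.java.additional.28=-Djavax.net.ssl.trustStore="\OSOP\tomcat-7.0.40\jre\lib\security\<keystore_name>"
wrapper.java.additional.28=-Djavax.net.ssl.trustStorePassword="changeit"
"""

if __name__ == "__main__":
    for finding in audit_wrapper_conf(BROKEN)[1]:
        print("FINDING:", finding)
```

Because wrapper.conf holds the trust store password in clear text, restrict read access to the file and its backup to the account that runs the USS service.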