Advisor
stelios_zack
Posts: 19
Registered: ‎05-05-2010
Message 1 of 4 (867 Views)

Service Manager & SSO - Verify that SSL is working

Hello to everybody,

I am in the process of setting up TSO with SSL (SM + Apache Tomcat + IIS). Before proceeding further I want to verify that the certificates are deployed as they should be, so in this step I would like ONLY to verify that the SSL connection is working between SM and Apache Tomcat.

So I am trying to utilize SSO functionality but just log in normally to SM through the web tier using SSL (https). Is that possible?

Here are my configuration settings:

sm.ini

----------------------------

shared_memory:32000000
#webservices_sessiontimeout=1800
log:../logs/sm.log
system:13080
#httpPort:13080
#httpsPort:13443
sqldictionary:sqlserver

[sqlserver]
sqldb:HPServiceManager_V9_30
sqllogin:ansm002/ansm002!1234
plugin0:kmplugin.dll

# SSL, SSO configuration parameters
sslConnector:0

#for TSO
#trustedsignon:1
ssl:1
ssl_reqClientAuth:2

#Keystore
keystoreFile: y0045server.keystore (sm server keystore)
keystorePass:  xxxxxx

#Trusted Clients File and password
#ssl_trustedClientsJKS:helpdesk.keystore
#ssl_trustedClientsPwd: xxxxxx

#Known Certificate Authorities - The signing CA must be in here
truststoreFile: cacerts
truststorePass: changeit

------------------------------------------------

I know I should deploy a webclients.keystore to the SM server RUN directory (now commented out) ... waiting for client admins to deploy ...

Here are my sm.cfg config options:

sm.cfg

-------------------------------------------------

sm -httpPort:13081 -httpsPort:13091 -sslConnector:1 -ssl:1

sm -httpPort:13080 -sslConnector:0
sm -httpPort:13082 -httpsPort:13092 -sslConnector:1 -ssl:1 -ssl_reqClientAuth:1
sm -httpPort:13083 -httpsPort:13093 -sslConnector:1 -ssl:1 -ssl_reqClientAuth:2 -debugnode:1
sm -httpPort:13084 -httpsPort:13094 -sslConnector:1 -ssl:1 -ssl_reqClientAuth:2 -trustedsignon:1 -debugnode:1

sm -que:ir
sm system.start

-------------------------------------------------

I have imported & generated (using client's certificate authority) the following files:

WEB-INF/
cacerts
helpdesk.keystore

RUN/
cacerts
y0045server.keystore

webclients.keystore (to be deployed)

I am also attaching the web.xml configured for SSL...

So if my config options for SSL are the above, should I be able to test just the SSL connection between SM & Tomcat?

Thanks!

Advisor
stelios_zack
Posts: 19
Registered: ‎05-05-2010
Message 2 of 4 (846 Views)

Re: Service Manager & SSO - Verify that SSL is working

I have started using port 13082 in my web.xml file.

The relevant command for SM server is:

sm -httpPort:13082 -httpsPort:13092 -sslConnector:1 -ssl:1 -ssl_reqClientAuth:1

I am receiving the following error when trying to access through web:

Απρ 23, 2013 9:36:05 ΠΜ org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [HP Service Manager Web] in context with path [/webtier-9.31] threw exception [com.hp.ov.sm.client.common.communications.CommunicationException: javax.xml.soap.SOAPException: Message send failed - connection to host http://as005g215.cy.hellenicbank.net:13082/SM/ui refused. Your server session may have been terminated or timed out. You may need to go to the login page and log in once again.] with root cause
java.net.ConnectException: Connection refused: connect

Any ideas?
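
Added example, not part of the original thread and not HP code: the `java.net.ConnectException: Connection refused` in message 2 is a TCP-level failure that occurs before any SSL negotiation, so a first check is what, if anything, is listening on each port from the posted sm.cfg. This Python sketch classifies a port as refused, plaintext or TLS; the function name `probe` and the host `sm-server.example` are assumptions.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Return (state, detail) for host:port.

    refused      - nothing is listening (the error in the log above)
    unreachable  - timeout, DNS failure or other network error
    not-tls      - a listener answered, but not with a TLS handshake
    tls-rejected - peer speaks TLS but aborted the handshake with an alert
    tls          - handshake completed
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "no listener on this port")
    except OSError as exc:
        return ("unreachable", str(exc))

    # Reachability probe only: certificate validation is switched off on
    # purpose so the listener type is reported even for an untrusted CA.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("tls", tls.version())
    except ssl.SSLError as exc:
        reason = exc.reason or ""
        # TLS alerts (protocol version, certificate required, ...) carry
        # "ALERT" in the reason; plaintext replies do not.
        state = "tls-rejected" if "ALERT" in reason else "not-tls"
        return (state, reason or str(exc))
    except OSError as exc:
        return ("not-tls", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    HOST = "sm-server.example"  # placeholder host name (assumption)
    for port in (13080, 13082, 13092):  # ports taken from the posted sm.cfg
        print(port, *probe(HOST, port))
```

A `tls` result only shows that a handshake completed; certificate validation is disabled in the probe, so it says nothing about whether the keystore and truststore contents are trusted by the other side.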

 

Advisor
r4ynor
Posts: 15
Registered: ‎09-23-2013
Message 3 of 4 (474 Views)

Re: Service Manager & SSO - Verify that SSL is working

Hi Stelios,

Just wanted to know if your configuration works.
Please let me know, since I am in the middle of an implementation for SSL and SSO.

Thanks

Chris

Regular Advisor
MariamElkomos
Posts: 168
Registered: ‎04-07-2013
Message 4 of 4 (404 Views)

Re: Service Manager & SSO - Verify that SSL is working

Hello,

Could you please tell me if you could solve this?