(Optional) Configure Universal CMDB to Support HTTPS for the Integration

If you need to enable real-time integration with Universal CMDB using HTTPS, perform one of the following procedures, depending on whether or not the Universal CMDB server already supports HTTPS. Then proceed to the rest steps.

In this topic:

Configure Universal CMDB if the Server Already Supports HTTPS

If the current Universal CMDB server is already configured to support HTTPS, you can use the existing keystore file directly:

1. Locate the keystore file.

2. Locate the certificate in the keystore.

3. Run the script below to export the certificate:

   keytool -export -alias [Certificate alias name] -keystore <UCMDB_Server_HOME>\UCMDBServer\j2f\EJBContainer\server\mercury\conf\<keystore or certs file name> -file c:\<Certificate alias name>

4. Import the certificate to the PPM server:

   keytool -import -trustcacerts -alias[Certificate alias name] -keystore [keystore or certs file path] -file c:\<Certificate alias name>

Back to top

Configure Universal CMDB if the Server Does Not Support HTTPS Yet

If the current Universal CMDB server is not configured to support HTTPS yet, do the following:

1. Generate the keystore file on Universal CMDB.

   Run the following scripts:

   <UCMDB_Server_HOME>\UCMDBServer\j2f\JRE\bin>keytool -genkey -keystore 

   <UCMDB_Server_HOME>\UCMDBServer\j2f\EJBContainer\server\mercury\conf\ucmdb.keystore

   Enter the keystore password and provide other information as necessary when prompted.

2. Enable SSL on the Web server for Universal CMDB Server.

   1. To enable JBoss in SSL, edit the following file:

      <UCMDB_Server_HOME>\j2f\EJBContainer\server\mercury\deploy\jbossweb-tomcat55.sar\server.xml

      Uncomment the following entry:

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore:
      <Connector port="8443" address="${jboss.bind.address}"
          maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
          emptySessionPath="true"
          scheme="https" secure="true" clientAuth="false"
          keystoreFile="${jboss.server.home.dir}/conf/ucmdb.keystore"
          keystorePass="changeit" [keyAlias="myCert"]
          sslProtocol = "TLS" />
      -->

      Make sure that keystoreFile and keystorePass are set to the correct path of a java keystore and its password respectively.

      Note: If the keystore holds more than one certificate, the first one will be used.

      (Optional) To choose a specific certificate, use the keyAlias attribute with the alias of the certificate.

      With the above settings, JBoss will look for the keystore in:

      <UCMDB_Server_HOME>\j2f\EJBContainer\server\mercury\conf\ucmdb.keystore

   2. Restart the Universal CMDB server.

      Now, to access the Universal CMDB web page in SSL you can go to the URL

      https://<UCMDB_Server_HOST>:8443/ucmdb 

3. Generate a certificate in the keystore file with alias ucmdbCer, then export the certificate and import it to the PPM Server.

   1. Run the script below to generate the certificate:

      keytool -genkey -alias ucmdbCer -keyalg RSA -keystore <UCMDB_Server_HOME>\UCMDBServer\j2f\EJBContainer\server\mercury\conf\ucmdb.keystore

   2. Export the certificate:

      keytool -export -alias ucmdbCer -keystore <UCMDB_Server_HOME>\UCMDBServer\j2f\EJBContainer\server\mercury\conf\ucmdb.keystore -file c:\ucmdbCer

   3. Import the certificate to the PPM server:

      keytool -import -trustcacerts -alias ucmdbCer -keystore [keystore or certs file path] -file c:\ucmdbCer

Back to top