Cisco Prime Service Catalog 10.0 Technical References

Cisco Prime Service Catalog 10.0 Configuration Guide
OL-31034-01
Chapter 5      System Administration 
Configuring SSL for Service Link Inbound Documents
Step 16
If you decide to disable the nonsecure port for the Service Link service, send the file “slsigner.cer” to the system administrator who manages the external system which communicates with the Service Link service. Two things will need to be configured for that external system:
a. The Service Link URL needs to be changed from an http address to an https address with the secure port number. For example, previously, the Service Link URL may be:
http://<sl_servername>:9001/IntegrationServer/ishttplistener/<agent_name>
It must now be changed to:
https://<sl_servername>:9443/IntegrationServer/ishttplistener/<agent_name>
b. The signer certificate of the servicelink certificate (i.e. the contents of file “slsigner.cer”) needs to be imported into the Java Trusted Certificate Authority Keystore of the external system, so that a trusted handshake can be established during the SSL connection with the Service Link service.
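An added example, not part of the Cisco guide: a POSIX shell check, for a UNIX/Linux host, that the entry imported into a Java trust keystore is the same certificate as the “slsigner.cer” file that was received, by comparing the SHA1 fingerprints that keytool prints. The function names and arguments are assumptions, as is keytool being on the PATH and printing a "SHA1:" line in its verbose output (as Sun JDK 6 does).

```shell
#!/bin/sh
# Added example: compare the fingerprint of a received signer certificate
# with the fingerprint of the entry stored in a Java trust keystore.
# Assumptions: keytool is on PATH; keystore path, alias and password are
# supplied by the caller; function names are hypothetical.

# Read keytool output on stdin and print the first SHA1 fingerprint,
# upper-cased. keytool lists it under "Certificate fingerprints:".
sha1_of() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Succeed only when both fingerprints are non-empty and identical, so a
# failed keytool call (empty output) never counts as a match.
same_fingerprint() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]
}

# verify_import <cert-file> <keystore> <alias> <storepass>
verify_import() {
    file_fp=$(keytool -printcert -file "$1" | sha1_of)
    store_fp=$(keytool -list -v -alias "$3" -keystore "$2" \
        -storepass "$4" | sha1_of)
    if same_fingerprint "$file_fp" "$store_fp"; then
        echo "OK: alias $3 matches $1 ($file_fp)"
    else
        echo "MISMATCH: file=$file_fp keystore=$store_fp" >&2
        return 1
    fi
}

# Runs only when the script is given its four arguments:
#   sh verify_import.sh <cert-file> <keystore> <alias> <storepass>
if [ "$#" -eq 4 ]; then
    verify_import "$@"
fi
```

The fingerprint printed on success can also be read back to the administrator who sent the file, to confirm over a separate channel that the certificate was not replaced in transit.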
For a clustered WebLogic environment only
Step 1
If you decide to disable the nonsecure port for the Service Link service, then you must also import the signer certificate into the Java Trusted Certificate Authority Keystore of the Request Center service. This is because Service Link runs a separate WebLogic server that does not belong to the cluster. (Only Request Center and the Business Engine can be installed on the cluster.) Request Center acts as a “client” that connects to the Service Link service at runtime. Complete the following procedure to import the signer certificate into the Java Trusted CA Keystore for Request Center:
a. Log on to one of the nodes of the WebLogic cluster where the Request Center application is running.
b. Locate the file “cacerts” in the directory “<JAVA_HOME>\jre\lib\security”, where <JAVA_HOME> is the root directory of the Sun JDK 6 installation. This file is the Trusted CA Keystore that comes with the Sun JDK 6 installation.
Make sure that <JAVA_HOME> is the correct Java directory used by your WebLogic application server. To verify this, look for the JAVA_HOME setting inside the file “commEnv.cmd” (on UNIX/Linux, look for “commEnv.sh”), located under the “<WL_HOME>\common\bin” directory. For example:
set JAVA_HOME=C:\jdk160_23
c. Copy the file “slsigner.cer” to the “<JAVA_HOME>\jre\lib\security” directory.
d. Import the signer certificate into the “cacerts” keystore by executing the following commands in a Command Prompt window:
cd <JAVA_HOME>\jre\lib\security
<JAVA_HOME>\bin\keytool -import -trustcacerts -alias servicelink -noprompt -file slsigner.cer -keystore cacerts -storepass changeit
In the command above, the password for the “cacerts” keystore file is still the default value of “changeit”. Replace it with the correct value if the password for “cacerts” has been changed in your environment.
e. Copy file “cacerts” that you just updated in the last step to the “<JAVA_HOME>\jre\lib\security” directory on every node in the WebLogic cluster where Request Center is deployed. For example, if your WebLogic cluster contains three nodes, and each node is a separate machine, then copy the file “cacerts” from this machine to the other two machines.
f. Modify file “newscale.properties” under the directory “<BEA_HOME>\user_projects\domains\<domain_name>\servers\<servername>\stage\RequestCenter\config” as follows: