CA Service Management

  • Private Community
Back to discussions
Expand all | Collapse all

configure APM 12.9 and CA SAM to communicate securely using the SSL protoco

  • 1.  configure APM 12.9 and CA SAM to communicate securely using the SSL protoco

    Posted Jun 06, 2014 11:05 AM

    The information provided is to configure APM 12.9 and CA SAM to communicate securely using the SSL protocol.


    Configure APM 12.9:

     Follow the APM Implementation guide - section titled 'Secure Network Communication Configuration'
     Test fix T5XU049 (apm12.9.01) is needed to be applied to apm 12.9

    Configure  CA SAM to work with SSL:

     1. Configure the web site on the web server where ca sam is installed.
     
     The below link has a nice short video on configuring the web site for SSL. 
     
     http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis


     2. You will need to make the below mentioned changes in web.config file of SAMImportExport service on the CA SAM server. 

     a. Update the serviceBehaviors section to change it to httpsGetEnabled = True
     instead of httpGetEnabled = True like below

     <serviceBehaviors>
        <behavior name="CA.Applications.OEMService.OEMImportBehavior">
         <serviceMetadata httpsGetEnabled="true" />
         <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
       </serviceBehaviors>

     b. Update the bindings section as shown below:

     <system.serviceModel>
       <bindings>
        <basicHttpBinding>
         <binding name="httpBinding_OEMService" maxBufferSize="2147483647"maxReceivedMessageSize="2147483647" transferMode="Streamed">
          <readerQuotas maxArrayLength="2147483647"/>
             <security mode="Transport">
             <transport clientCredentialType="None" />
             </security>
         </binding>
        </basicHttpBinding>

     Note: Change the Security mode to "Transport" from "None"  if needed.
     Add the <transport clientCredentialType="None" /> if not already there.

     c. Under the services section, if the following line exists, change <mexHttpBinding>  to mexhttpsbinding 
     <services>
      <service behaviorConfiguration="CA.Applications.OEMService.OEMImportBehavior" name="CA.Applications.OEMService.OEMService">
      <clear/>
       <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding_OEMService" name="BasicHttpBinding_OEMService"contract="CA.Applications.OEMService.IOEMService" listenUriMode="Explicit"/>
       <endpoint address="mex" binding="mexHttpsBinding" name="Mex" contract="IMetadataExchange" listenUriMode="Explicit"/>
     </service>
     </services>

     d. Save the changes and do an IISRESET on the CA SAM server

     



  • 2.  RE: configure APM 12.9 and CA SAM to communicate securely using the SSL pro

     
    Posted Jun 06, 2014 11:58 AM
    kuhde01:

    The information provided is to configure APM 12.9 and CA SAM to communicate securely using the SSL protocol.


    Configure APM 12.9:

     Follow the APM Implementation guide - section titled 'Secure Network Communication Configuration'
     Test fix T5XU049 (apm12.9.01) is needed to be applied to apm 12.9

    Configure  CA SAM to work with SSL:

     1. Configure the web site on the web server where ca sam is installed.
     
     The below link has a nice short video on configuring the web site for SSL. 
     
     http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis


     2. You will need to make the below mentioned changes in web.config file of SAMImportExport service on the CA SAM server. 

     a. Update the serviceBehaviors section to change it to httpsGetEnabled = True
     instead of httpGetEnabled = True like below

     <serviceBehaviors>
        <behavior name="CA.Applications.OEMService.OEMImportBehavior">
         <serviceMetadata httpsGetEnabled="true" />
         <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
       </serviceBehaviors>

     b. Update the bindings section as shown below:

     <system.serviceModel>
       <bindings>
        <basicHttpBinding>
         <binding name="httpBinding_OEMService" maxBufferSize="2147483647"maxReceivedMessageSize="2147483647" transferMode="Streamed">
          <readerQuotas maxArrayLength="2147483647"/>
             <security mode="Transport">
             <transport clientCredentialType="None" />
             </security>
         </binding>
        </basicHttpBinding>

     Note: Change the Security mode to "Transport" from "None"  if needed.
     Add the <transport clientCredentialType="None" /> if not already there.

     c. Under the services section, if the following line exists, change <mexHttpBinding>  to mexhttpsbinding 
     <services>
      <service behaviorConfiguration="CA.Applications.OEMService.OEMImportBehavior" name="CA.Applications.OEMService.OEMService">
      <clear/>
       <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding_OEMService" name="BasicHttpBinding_OEMService"contract="CA.Applications.OEMService.IOEMService" listenUriMode="Explicit"/>
       <endpoint address="mex" binding="mexHttpsBinding" name="Mex" contract="IMetadataExchange" listenUriMode="Explicit"/>
     </service>
     </services>

     d. Save the changes and do an IISRESET on the CA SAM server

     


    Thanks for sharing this tip with the community!